Box Info Field Detail Name Reactor OS Linux (Ubuntu 24.04) Difficulty Easy IP 10....

Nigeria did not invent cybercrime. But in the global story of internet fraud, it became one of the most recognizable names attached to it. That reputation was not formed in a single moment. It was...

Box Info Field Detail Name CCTV OS Linux (Ubuntu 24.04) Difficulty Easy Release 2...

What is recon? Recon is the short form of Reconnaissance, it is the second phase of a penetration test. Like the scoping phase, it is methodical, deliberate, and governed by clearly defined constr...

What is scoping? Scoping is the first phase of a penetration test, during which a pentester and an organization formally define which systems may be tested, how the testing will be conducted, and ...

Overview StreamIO is a Windows host running PHP on IIS, backed by an MSSQL database. The foothold begins with SQL injection in the movie search functionality, allowing full extraction of user cred...

Overview Authority is a Windows domain controller. I’ll start by enumerating open SMB shares and uncovering Ansible playbooks containing encrypted values. After cracking those Vault fields, I obta...

Overview VulnCicada is a Medium Windows Active Directory machine that starts with an exposed NFS profile share leaking a user password hidden inside an image. Using those credentials, we discover ...

Overview Redelegate is a hard Windows AD machine that opens with Anonymous FTP exposure, leaking a KeePass database that leads to a valid local MSSQL login. Using that foothold to enumerate domain...

Overview We start TombWatcher with valid domain credentials, but that’s only a doorway. The push to Domain Admin is a stacked escalation driven by AD object control and certificate gaps. Using Blo...