Active
SMB Enumeration | Abusing GPP Passwords | Decrypting GPP Passwords - gpp-decrypt | Kerberoasting Attack (GetUserSPNs.py) [Privilege Escalation]
OSCP | OSEP | eCPPTv3 | Active Directory
Admirer
Information Leakage | Admirer Exploitation (Abusing LOAD DATA LOCAL Query) | Abusing Sudoers Privilege [Library Hijacking - Python] (Privilege Escalation)
eWPT | OSWE | OSCP
Alert
XSS - Injection Via Markdown | Discovering LFI accessible from XSS | Cracking Hashes | Exploiting Web Service Executed by Root | +1 more
eJPT | eWPT
Analytics
Subdomain Enumeration | Metabase Exploitation (CVE-2023-38646) | Docker Container Information Leakage | Kernel Exploitation - GameOver(lay) / Abusing OverlayFS [Privilege Escalation]
eWPT
Antique
SNMP Enumeration | Network Printer Abuse | CUPS Administration Exploitation (ErrorLog) | EXTRA -> (DirtyPipe) [CVE-2022-0847]
eJPT
Arctic
Adobe ColdFusion 8 Exploitation | Directory Traversal Vulnerability | Cracking Hashes | Abusing Scheduled Tasks - Creating malicious JSP file | +1 more
OSCP | eWPT
Backdoor
WordPress Local File Inclusion Vulnerability (LFI) | LFI to RCE (Abusing /proc/PID/cmdline) | Gdbserver RCE Vulnerability | Abusing Screen (Privilege Escalation) [Session synchronization]
OSCP | eWPT | OSWE | eWPTXv2
Bank
Domain Zone Transfer Attack - AXFR (dig) | Information Leakage | Abusing File Upload [RCE] | Abusing SUID Binary (WTF?) [Privilege Escalation]
eWPT
Bashed
Web Enumeration | Abusing WebShell Utility (RCE) | Abusing Sudoers Privilege (User Pivoting) | Detecting Cron Jobs Running on the System | +1 more
eJPT
Beep
Elastix 2.2.0 Exploitation - Local File Inclusion (LFI) | Information Leakage | Vtiger CRM Exploitation - Abusing File Upload (1st way) [RCE] | Shellshock Attack (2nd way) [RCE]
eWPT
Bizness
Apache OFBiz Exploitation (Authentication Bypass) | Analysis of OFBiz code to understand the hashed storage mechanism | Adapting found hashes to a crackable format | Cracking Hashes [Privilege Escalation]
eWPT
Blocky
WordPress Enumeration | Information Leakage | Analyzing a jar file - JD-Gui + SSH Access | Abusing Sudoers Privilege [Privilege Escalation]
eJPT
Blue
SMB Enumeration | Eternalblue Exploitation (MS17-010) [Triple Z Exploit] | Obtaining credentials stored in memory [MIMIKATZ + Windows Defender Evasion] (EXTRA) | Enabling RDP from CrackMapExec (EXTRA) | +5 more
OSCP
Blunder
Bludit CMS Exploitation | Bypassing IP Blocking (X-Forwarded-For Header) | Directory Traversal Image File Upload (Playing with .htaccess) | Abusing sudo privilege (CVE-2019-14287)
eWPT | OSWE | eWPTXv2
BoardLight
Subdomain Enumeration | Dolibarr 17.0.0 Exploitation - CVE-2023-30253 | Information Leakage (User Pivoting) | Enlightenment SUID Binary Exploitation [Privilege Escalation]
eWPT | eJPT
Bounty
IIS Enumeration | Creating our own extension fuzzer in Python [Python Scripting] [EXTRA] | IIS Exploitation - Executing code via web.config file upload | Abusing SeImpersonatePrivilege - Juicy Potato [Privilege Escalation]
eWPT | OSWE | OSCP
BountyHunter
XXE (XML External Entity Injection) Exploitation | XXE PHP File Read - Base64 Wrapper | Abusing Sudoers Privilege [Privilege Escalation]
eWPT | OSWE | OSCP
Broker
Credential guessing | ActiveMQ Exploitation - Deserialization Attack (CVE-2023-46604) [RCE] | Abusing sudoers privilege (nginx) [Privilege Escalation]
eWPT
Buff
Gym Management System Exploitation (RCE) | CloudMe Exploitation [Buffer Overflow] [OSCP Like] (Manual procedure) [Python Scripting]
OSCP | eCPPTv3 | Buffer Overflow
Cap
Insecure Direct Object Reference (IDOR) | Information Leakage | Abusing Capabilities (Python3.8) [Privilege Escalation]
eJPT
Chemistry
Malicious CIF File (RCE) | SQLite Database File Enumeration | Cracking Hashes | aiohttp/3.9.1 Exploitation (CVE-2024-23334) [Privilege Escalation]
eWPT | eJPT
Cicada
SMB Enumeration | Information Leakage | RID Brute with Netexec for Potential User Discovery | Information Leakage through Rpcclient (querydispinfo) | +1 more
OSCP | Active Directory
Code
Web Enumeration | Python Reverse Shell Restriction Bypass | Database SQLite File Enumeration | Cracking Hashes | +1 more
eWPT | eJPT
Codify
Abusing vm2 NodeJS Package (RCE) [CVE-2023-30547] | SQLite Database File Enumeration | Cracking Hashes | Abusing Sudoers Privilege (Custom Script) | +1 more
eWPT
CozyHosting
Spring Boot Web Page Enumeration | Information Leakage | Cookie Hijacking | Command Injection + Filter Bypass | +4 more
eWPT | eJPT
Crafty
Minecraft Exploitation - Log4Shell (RCE) | JAR Plugin Analysis with JD-GUI + Information Leakage | Using RunasCs to execute commands as administrator [Privilege Escalation]
eJPT | OSCP
Curling
Information Leakage wtf xd | Joomla Enumeration | Joomla Exploitation [Abusing Templates] [RCE] | Decompression Challenge | +1 more
eWPT
Delivery
Virtual Hosting Enumeration | Abusing Support Ticket System | Access to MatterMost | Information Leakage | +4 more
eJPT | eWPT
Devel
Abusing FTP + IIS Services | Creating an AutoPwn Script [Python Scripting] | Microsoft Windows (x86) – ‘afd.sys’ (MS11-046) [Privilege Escalation]
OSCP | eJPT
Devvortex
Subdomain Enumeration | Abusing Joomla | Joomla Exploitation (CVE-2023-23752) | Customizing administration template to achieve RCE | +2 more
eWPT
Doctor
Server Side Template Injection (SSTI) | Exploiting the SSTI by calling Popen without guessing the offset (1st way) [RCE] | Command Injection (2nd way) [RCE] | Abusing adm group - Finding credentials in request logs | +1 more
eWPT | eWPTXv2 | OSWE
Dog
Information Disclosure (.git) - GitHack | Information Leakage (Hardcoded passwords in code) | Creating a new malicious module for Backdrop (RCE) | Abusing sudoers privilege (custom bee binary) [Privilege Escalation]
eWPT
Driver
Password Guessing | SCF Malicious File | Print Spooler Local Privilege Escalation (PrintNightmare) [CVE-2021-1675]
OSCP | eJPT
Editorial
Virtual Hosting | Abusing File Upload | Server Side Request Forgery (SSRF) Exploitation + Internal Port Discovery | API enumeration through SSRF | +2 more
eWPT | eJPT
Forest
AXFR - Domain Zone Transfer Attack (Failed) | RPC Enumeration - Getting valid domain users | Performing an AS-RepRoast attack with the obtained users | Cracking Hashes | +10 more
OSCP | OSEP | eCPPTv3 | Active Directory
Frolic
Web Enumeration | Information Leakage | Playing with esoteric languages - Ook! and Brainfuck | Cracking Zip Password Protected Files | +2 more
eWPT | Buffer Overflow
GoodGames
SQLI (Error Based) | Hash Cracking Weak Algorithms | Password Reuse | Server Side Template Injection (SSTI) | +1 more
eJPT | eWPT | eCPPTv3 | OSCP
Grandpa
Microsoft IIS 6.0 - WebDAV 'ScStoragePathFromUrl' Remote Buffer Overflow [RCE] | Token Kidnapping - Churrasco [Privilege Escalation]
OSCP | eWPT | eJPT
Granny
Abusing PUT & MOVE Methods - Uploading Aspx WebShell | Microsoft IIS 6.0 - WebDAV 'ScStoragePathFromUrl' Remote Buffer Overflow [RCE] | Token Kidnapping - Churrasco [Privilege Escalation]
OSCP | eWPT | eJPT
GreenHorn
Pluck Enumeration | Gitea Enumeration | Code Analysis + Information Leakage | Cracking Hashes | +2 more
eWPT
Haystack
ElasticSearch Enumeration | Information Leakage | Kibana Enumeration | Kibana Exploitation (CVE-2018-17246) | +1 more
eWPT | OSCP | OSWE
Headless
XSS injection via custom header | Stealing administrator user session cookie via XSS | Command injection in web panel | Abusing sudoers privilege [Privilege Escalation]
eWPT | OSWE | OSCP
Heist
Information Leakage | Cisco Password Cracker (password7) | SMB Enumeration - CrackMapExec | Getting more valid system users - lookupsid.py | +3 more
OSCP
Horizontall
Information Leakage | Port Forwarding | Strapi CMS Exploitation | Laravel Exploitation
eWPT | eJPT
Inject
Web Enumeration | Local File Inclusion + Directory Listing | Information Leakage | Spring Cloud Exploitation (CVE-2022-22963) [Spring4Shell] | +2 more
eWPT | OSCP
Irked
UnrealIRCd 3.2.8.1 Exploitation (RCE) | Steganography Challenge | Abusing SUID Binary | Binary Analysis (GHIDRA) | +1 more
eJPT
Jerry
Information Leakage | Abusing Tomcat [Intrusion & Privilege Escalation]
eJPT
Keeper
Abusing Request Tracker | Information Leakage | Obtaining KeePass password through memory dump [Privilege Escalation]
eJPT
Knife
PHP 8.1.0-dev - 'User-Agent' Remote Code Execution [RCE] | Abusing Sudoers Privilege (Knife Binary) [Privilege Escalation]
eJPT
Laboratory
SSL Certificate Enumeration | GitLab Enumeration | GitLab Exploitation - Arbitrary file read via the UploadsRewriter when moving an issue | GitLab Exploitation - Malicious Marshalled Payload in a session cookie + Deserialization Attack [RCE] | +4 more
eWPT | eWPTXv2 | OSWE | OSCP
Lame
Samba 3.0.20 < 3.0.25rc3 - Username Map Script [Command Execution]
eJPT
Late
Virtual Hosting Enumeration | Abusing Upload File - Image to Text Flask Utility | SSTI - Server Side Template Injection | Reading files through SSTI - SSH Private Key | +1 more
eWPT | OSWE | OSCP
Legacy
SMB Enumeration | Eternalblue Exploitation (MS17-010) [Triple Z Exploit]
OSCP | eJPT
LinkVortex
Subdomain Enumeration | .git Exposure (GitHack) | Information Leakage | Ghost 5.58 Exploitation (CVE-2023-40028) [Arbitrary File Read] | +2 more
eWPT
Love
Server Side Request Forgery (SSRF) | Exploiting Voting System | Abusing AlwaysInstallElevated (msiexec/msi file)
eJPT | eWPT | OSCP
Luanne
Web Enumeration | Default Credentials (Supervisord Default Password) | Fuzzing (Gobuster/Wfuzz) | Lua Command Injection (RCE) | +4 more
eWPT
Mailing
Web Enumeration | Information Leakage through LFI (hMailServer) | Cracking Hashes | Microsoft Outlook Remote Code Execution (RCE) - CVE-2024-21413 | +3 more
eWPT | OSCP
MetaTwo
WordPress Enumeration | WordPress Plugins Enumeration | BookingPress < 1.0.11 - Unauthenticated SQL Injection [CVE-2022-0739] | Cracking Hashes | +5 more
eWPT
Mirai
Gaining SSH Access Using Default Raspberry Credentials | Abusing Sudo Group [Privilege Escalation] | Recovering Deleted root.txt File through a Connected External Device
eJPT
MonitorsTwo
Cacti 1.2.22 Exploitation - Command Injection | Cracking Hashes | Docker Exploitation (CVE-2021-41091) [Privilege Escalation]
eWPT | OSWE
Netmon
FTP Enumeration | Information Leakage | Abusing PRTG Network Monitor - Command Injection [RCE]
eJPT | eWPT | OSCP
Networked
Information Leakage | PHP Source Code Analysis | Abusing File Upload (AddHandler Exploitation) [RCE] | Abusing Cron Job [Command Injection] (User Pivoting) | +2 more
eWPT | eJPT
Nibbles
Abusing Nibbleblog - Remote Code Execution via File Upload | Abusing Sudoers Privilege [Privilege Escalation]
eJPT
Nocturnal
Web Enumeration | User Enumeration Vulnerability | Information Leakage | Exploitation in the Website Backup Creation Process (RCE) | +2 more
eWPT | eWPTXv2
NodeBlog
NoSQL Injection (Authentication Bypass) | XXE File Read | NodeJS Deserialization Attack (IIFE Abusing) | Mongo Database Enumeration
eJPT | eWPT
NunChucks
NodeJS SSTI (Server Side Template Injection) | AppArmor Profile Bypass (Privilege Escalation)
eJPT | eWPT
OpenSource
Web Enumeration | GitHub Project Enumeration | Information Leakage | Abusing File Upload - Replacing Python Files [RCE] | +5 more
eWPT | eWPTXv2 | OSWE | eCPPTv3 | OSCP
Optimum
HttpFileServer 2.3 Exploitation [RCE] | System Recognition - Windows Exploit Suggester | Microsoft Windows 8.1 (x64) - 'RGNOBJ' Integer Overflow (MS16-098) [Privilege Escalation]
OSCP | eWPT
Pandora
SNMP Fast Enumeration | Information Leakage | Local Port Forwarding | SQL Injection - Admin Session Hijacking | +2 more
OSCP | eWPT
Paper
Information Leakage | Abusing WordPress - Unauthenticated View Private/Draft Posts | Abusing Rocket Chat Bot | Polkit (CVE-2021-3560) [Privilege Escalation]
eWPT | OSCP
PC
gRPC Enumeration with grpcurl and gRPC UI | Registering a User in the Application through grpcurl | SQL Injection in SQLite through grpcurl (Enumerating Tables, Columns and Data) | Abusing Internal Web Service - PyLoad 0.5.0 | +1 more
eWPT | eWPTXv2 | OSWE
Perfection
Newline Injection + SSTI (ERB Injection) [RCE] | Cracking Hashes - Creating your own rules with hashcat | Abusing the 'sudo' group once the user's password is known
eWPT | OSWE
PermX
Subdomain Enumeration | Chamilo LMS Exploitation - Unauthenticated Command Injection [CVE-2023-31803] (RCE) | Information Leakage | Abusing Sudoers - Custom Bash Script (playing with setfacl) [Privilege Escalation]
eWPT | eJPT
Photobomb
Virtual Hosting | Web Enumeration | Information Leakage - Credentials in JavaScript File | Abusing Image Download Utility (Command Injection) [RCE] | +2 more
OSCP | eWPT
Pilgrimage
Web Enumeration | File Upload Enumeration | Abusing .git - Git-Dumper (Information Leakage) | ImageMagick 7.1.0-40 beta Exploitation (Arbitrary File Read) [CVE-2022-44268] | +3 more
eWPT | eJPT
Postman
Redis Enumeration | Redis Exploitation - Write SSH Key | Webmin Exploitation - Python Scripting | We create our own exploit in Python - AutoPwn [Ruby code adaptation from Metasploit]
eWPT | eWPTXv2 | OSWE
Precious
Pdfkit v0.8.6 Exploitation - Command Injection (CVE-2022-25765) | Advanced Python Scripting - Autopwn Script [EXTRA] | Information Leakage [User Pivoting] | Abusing sudoers privilege + Yaml Deserialization Attack [Privilege Escalation]
eWPT
Previse
Web Enumeration | Execution After Redirect (EAR) Vulnerability - Skipping Redirects | PHP Source Code Analysis | Command Injection (RCE) | +4 more
eWPT | eJPT
RedPanda
Server Side Template Injection (SSTI) | SSTI - Bypassing special character restriction | SSTI - Creation of a Python script to automate java injection (RCE) | Creating a Bash script for process monitoring with user included | +1 more
eWPT | eWPTXv2 | OSWE | OSCP
Remote
Web Enumeration | NFS Enumeration - Showmount | Information Leakage | Abusing Umbraco Admin Panel | +2 more
eWPT | OSCP
Reset
Web Enumeration | Information Disclosure | Insecure Password Reset | User Enumeration | +8 more
eWPT | eWPTXv2
Return
Abusing Printer | Abusing Server Operators Group | Service Configuration Manipulation
eJPT | OSCP
RouterSpace
Mobile Application Penetration Testing | APK Analysis and Debugging | Decoding APK with APKTool | Files Inspection | +6 more
eWPT | Mobile
Safe
Information Leakage | Buffer Overflow [x64] [ROP Attacks using PwnTools] [NX Bypass] [ASLR Bypass] | Trying to hijack the argument to the system() function by loading our content in RDI [Way 1] | Leaking puts and libc address to make a system call with the argument loaded in RDI [Way 2] [EXTRA] | +1 more
Buffer Overflow
Sau
request-baskets 1.2.1 Exploitation (SSRF - Server Side Request Forgery) | Maltrail 0.53 Exploitation (RCE - Username Injection) | Abusing sudoers privilege (systemctl) [Privilege Escalation]
eWPT
Sauna
Information Leakage | LDAP Enumeration | Kerberos User Enumeration - Kerbrute | ASRepRoast Attack (GetNPUsers) | +6 more
OSCP | OSEP | eCPPTv3 | Active Directory
ScriptKiddie
Msfvenom Exploitation [CVE-2020-7384] [RCE] | Abusing Logs + Cron Job [Command Injection / User Pivoting] | Abusing Sudoers Privilege [Msfconsole Privilege Escalation]
eJPT | OSCP
Sea
Web Fuzzing | WonderCMS Exploitation (XSS + RCE) | Cracking Hashes | Local Port Forwarding + Internal System Monitor Web Exploitation (Command Injection) | +1 more
eWPT | OSWE
Secret
Code Analysis | Abusing an API | JSON Web Tokens (JWT) | Abusing/Leveraging Core Dump [Privilege Escalation]
eWPT | eWPTXv2 | OSWE
Sense
Information Leakage | pfSense - Abusing RRD Graphs (RCE) [Evasion Techniques] | Python Exploit Development (AutoPwn) [EXTRA]
eWPT | eWPTXv2 | OSWE
Servmon
NVMS-1000 Exploitation - Directory Traversal | Local File Inclusion (LFI) | Local Port Forwarding - SSH | NSClient++ Exploitation - Privilege Escalation
eWPT | OSCP
Shocker
ShellShock Attack (User-Agent) | Abusing Sudoers Privilege (Perl) | EXTRA: We create our own CTF in Docker that covers ShellShock
eWPT | eJPT
Shoppy
Virtual Hosting | Subdomain Enumeration | NoSQL Injection (Admin Auth Bypass) | Abusing the Shoppy App search engine (NoSQL Injection) - Obtaining the password of DB users | +5 more
eWPT | OSWE | OSCP
Sightless
Web Enumeration | SQLPad Exploitation - Command Injection [CVE-2022-0944] | Cracking Hashes | Nginx/Apache File System Enumeration | +3 more
eWPT | OSWE
Soccer
Web Enumeration | Abusing Tiny File Manager (RCE by Uploading a Malicious PHP File) | WebSocket SQL Boolean-Based/Time-Based Blind Injection | Abusing Doas Privilege (dstat) [Privilege Escalation]
eWPT | eWPTXv2 | OSWE
Spectra
Web Enumeration | Virtual Hosting | Information Leakage (wp-config.php.save) | Gaining Administrator Access to the WordPress Dashboard | +4 more
eWPT | eJPT
Squashed
NFS Enumeration | Abusing owners assigned to NFS shares by creating new users on the system (Get Access to Web Root) | Creating a web shell to gain system access | Abusing .Xauthority file (Pentesting X11) | +1 more
OSCP
SteamCloud
Kubernetes API Enumeration (kubectl) | Kubelet API Enumeration (kubeletctl) | Command Execution through kubeletctl on the containers | Cluster Authentication (ca.crt/token files) with kubectl | +3 more
eWPTXv2 | OSWE
Stocker
Subdomain Enumeration | NoSQL Injection - Authentication Bypass | Abusing API + Information Leakage | Server-Side XSS + LFI Exploitation through Dynamic PDF Generation | +1 more
eWPT | OSWE
Support
SMB Enumeration | EXE Binary Analysis | Debugging with DNSpy | Setting breakpoints and getting an LDAP password in clear text (DNSpy) | +10 more
OSCP | OSEP | eCPPTv3 | Active Directory
SwagShop
Magento CMS Exploitation (Creating an admin user) | Magento - Froghopper Attack (RCE) | Abusing sudoers (Privilege Escalation)
eWPT | OSWE | OSCP
Tabby
Local File Inclusion (LFI) | Abusing Tomcat Virtual Host Manager | Abusing Tomcat Text-Based Manager - Deploy Malicious War (Curl Method) | LXC Exploitation (Privilege Escalation)
eWPT | OSCP | eJPT
Teacher
Information Leakage | Abusing Moodle - Login BruteForce (Wfuzz) | Moodle Exploitation - Code Injection (Abusing Math formulas in Quiz component) [RCE] | Database Enumeration | +2 more
eWPT | OSWE | eWPTXv2 | OSCP
TimeLapse
SMB Enumeration | Cracking ZIP Password Protected File (fcrackzip) | Cracking and reading .PFX File (crackpkcs12) | Gaining SSL access with Evil-WinRM | +2 more
OSCP | OSEP | eCPPTv3 | Active Directory
Toolbox
PostgreSQL Injection (RCE) | Abusing boot2docker [Docker-Toolbox] | Pivoting
eWPT | OSCP | eJPT | eCPPTv3
Topology
Subdomain Enumeration | LaTeX Injection + Blocklisted Function Bypass | File Read through LaTeX Injection | Cracking Hashes | +2 more
eWPT
Traverxec
Nostromo Exploitation | Abusing Nostromo HomeDirs Configuration | Exploiting Journalctl (Privilege Escalation)
eWPT | OSCP
Trick
DNS Enumeration | Domain Zone Transfer Attack (AXFR) | SQL Injection (SQLI) - Manual Blind SQLI with Conditional Responses [Python Scripting - AutoPwn] | Local File Inclusion (LFI) + Wrappers | +5 more
eWPT | eWPTXv2 | OSWE | OSCP
TwoMillion
Building a Python3 Stealth port scanner with Scapy | Abusing declared JavaScript functions from the browser console | Abusing the API to generate a valid invite code | Abusing the API to elevate our privilege to administrator | +3 more
eWPT | OSWE
Usage
Subdomain Enumeration | SQLI - Boolean-Based Blind Injection (MANUAL) + BurpSuite Tips | Python Scripting in order to exploit SQLI | Cracking Hashes | +3 more
eWPT | eWPTXv2 | OSWE
Valentine
SSL Heartbleed Exploitation | Cracking Hashes | Tmux Socket File Session [Privilege Escalation] | Linux Kernel 2.6.22 < 3.9 - Dirty Cow PTRACE_POKEDATA Race Condition Privilege Escalation
eWPT
Validation
SQLI (Error Based) | SQLI -> RCE (INTO OUTFILE) | Information Leakage
eJPT | eWPT
Wifinetic
FTP Enumeration | Information Leakage | SSH Brute Force with CrackMapExec | Abusing Capabilities - Reaver | +2 more
Administrator
SMB Enumeration (Netexec, Smbmap) | Listing Existing Users at Domain Level (rpcclient) | LDAP Enumeration (ldapdomaindump) | Testing Kerberoasting and ASRepRoast Attack | +10 more
OSCP | OSEP | eCPPTv3 | eCPTXv2 | Active Directory
Ambassador
Web Enumeration | Grafana v8.2.0 Exploitation [CVE-2021-43798] (Unauthorized Arbitrary File Read Vulnerability) | Enumerating a sqlite3 file [Extracting mysql login credentials] | System GitHub Project Enumeration | +1 more
eWPT | OSCP
Apocalyst
WordPress Enumeration | Image Stego Challenge - Steghide | Information Leakage - User Enumeration | WordPress Exploitation - Theme Editor [RCE] | +1 more
eJPT | eWPT | OSCP
Aragog
XXE (XML External Entity Injection) Exploitation | Modifying a WordPress login to steal credentials (Privilege Escalation)
eWPT | OSWE
Atom
SMB Enumeration | EXE Binary Analysis | Abusing electron-updater - Signature Validation Bypass [RCE] | Abusing PortableKanban - Reading the encrypted password | +2 more
OSCP
Awkward
Web Enumeration | Webpack Application Enumeration | API Endpoints - Information Leakage | Subdomain Enumeration | +8 more
OSWE | eWPT | eWPTXv2
BabyTwo
SMB Enumeration | NetExec spider_plus Module | User Enumeration (NetExec RID Cycling Brute Force Attack) | BloodHound Enumeration (BloodHound-CE Docker) | +3 more
OSCP | OSEP | eCPPTv3 | eCPTXv2 | Active Directory
Backend
API Enumeration | Abusing API - Registering a new user | Abusing API - Logging in as the created user | Enumerating FastAPI Endpoints through Docs | +5 more
eWPT | OSWE | OSCP
BackendTwo
API Enumeration | Abusing API - Registering a user | Accessing the Docs path of FastAPI | Mass Assignment Attack (Becoming superusers) | +5 more
eWPT | eWPTXv2 | OSWE
Bart
Subdomain Enumeration - Gobuster | Information Leakage | Username enumeration - Abusing the Forget Password Option | Simple Chat Exploitation - Creating a new user | +3 more
OSCP | eWPT | eWPTXv2 | OSWE
Bastard
Drupal Enumeration | Drupal 7.X Module Services - Remote Code Execution [SQL Injection] | Drupal Admin Cookie Hijacking | Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution | +4 more
OSCP | eWPT
Blurry
Rocket.Chat Enumeration | Subdomain Enumeration - CAIDO | ClearML Enumeration | ClearML 1.31.1 Exploitation [CVE-2024-24590] | +5 more
eWPT | eWPTXv2 | OSWE
Bolt
Information Leakage | Subdomain Enumeration | SSTI (Server Side Template Injection) | Abusing PassBolt | +1 more
eJPT | eWPT | eWPTXv2 | OSWE
Book
SQL Truncation Attack | Local File Read via XSS in Dynamically Generated PDF - HackTricks | Abusing Cron Job - Logrotate Exploit (Logrotten) [Privilege Escalation]
eWPT | OSWE | OSCP
BroScience
(LFI) Local File Inclusion Vulnerability + Filter Bypass Restriction | Source Code Analysis (PHP) | Manually Generating Invitation Codes Based on Server Time During Registration | Getting Logged in with the Generated Invitation Code | +5 more
eWPT | eWPTXv2 | OSWE
Builder
Jenkins Exploitation - CVE-2024-23897 in order to read arbitrary files (RCE) | Cracking Hashes | Abusing the Jenkins cipher to crack the password [Privilege Escalation]
eWPT
Cache
Information Leakage (Code Inspection) | Abusing OpenEMR | Broken Access Control | Authentication Bypassing (Abusing the registration panel) | +3 more
eWPT | OSWE | OSCP
Cascade
RPC Enumeration | User Enumeration via Kerberos - Kerbrute | ASREPRoast Attack - GetNPUsers.py (Failed) | LDAP Enumeration - ldapsearch && ldapdomaindump | +10 more
OSCP | OSEP | eCPPTv3 | Active Directory
Cat
Web Enumeration | Information Disclosure (.git) - GitHack | PHP Code Analysis | XSS Exploitation | +6 more
eWPT | eWPTXv2 | OSWE
Catch
APK Analysis (apktool, d2j-dex2jar) | JD-GUI - Code Inspection | Information Leakage - Visible Token values | Cachet Framework Exploitation - SQLI | +3 more
eWPT | eWPTXv2 | OSWE | Mobile
Celestial
NodeJS Deserialization Attack [RCE] | IIFE Serialization/Deserialization Attack - Explained | Node Reverse Shell | Abusing Cron Job
OSWE | eWPT | eWPTXv2 | OSCP
Certified
SMB Enumeration | BloodHound Enumeration | Abusing WriteOwner Rights | Modifying the Owner of Existing Group (owneredit.py) | +13 more
OSCP | OSEP | eCPPTv3 | eCPTXv2 | Active Directory
Chaos
Password Guessing | Abusing e-mail service (claws-mail) | Crypto Challenge (Decrypt Secret Message - AES Encrypted) | LaTeX Injection (RCE) | +2 more
eWPT | eJPT
Chatterbox
Achat 0.150 beta7 - Buffer Overflow (Windows 7 32 bits) | Generating a Shellcode based on our needs + TIPS | Icacls Abuse (Privilege Escalation) | PowerUp Enumeration (Alternative Privilege Escalation)
OSCP | Buffer Overflow
Clicker
Abusing a game via the browser console | Abusing NFS + Information Leakage | Code Analysis | Mass Assignment Exploitation in order to elevate our user privileges | +6 more
eWPT | OSWE | OSED
Compiled
Gitea Enumeration | Information Leakage | Git Exploitation [CVE-2024-32002] (RCE) | SQLite Database File Enumeration | +3 more
OSCP
Cronos
Domain Zone Transfer (AXFR) | SQLI (Blind Time Based) - Creating a custom Python script | Command Injection | Abusing Cron Job [Privilege Escalation]
eWPT | eWPTXv2 | OSWE | OSCP
DevOops
XXE (XML External Entity Injection) Exploitation | Reading internal files through XXE - Private SSH Key | Abusing a GitHub project - Information Leakage in Project Commits [Privilege Escalation]
eWPT | OSWE
Devzat
Fuzzing Directory .git (GIT Project Recomposition) | Web Injection (RCE) | Abusing InfluxDB (CVE-2019-20933) | Abusing Devzat Chat /file command (Privilege Escalation) | +1 more
eWPT | eJPT
Encoding
Web Enumeration | API Enumeration | Subdomain Brute Force (gobuster) | Local File Inclusion by Abusing the API | +10 more
eWPT | eWPTXv2 | OSWE
Enterprise
WordPress Lcars Plugin SQLI Vulnerability | SQL Injection (boolean-based blind, error-based, time-based blind) | WordPress Exploitation [www-data] (Theme Edition - 404.php Template) | Joomla Exploitation [www-data] (Template Manipulation) | +3 more
eWPT | eCPPTv3 | eCPTXv2 | Buffer Overflow
Epsilon
Git Source Leak Exploit (GitHack) | AWS Enumeration | Lambda Function Enumeration | Authentication Bypass | +3 more
eWPT | eWPTXv2 | OSCP | OSWE
Europa
SSL Certificate Inspection | Login Bypass - SQLI | SQLI (Blind Time Based) [Python Scripting] | Abusing preg_replace (REGEX Danger) [RCE] | +2 more
OSCP | eWPT | eWPTXv2 | OSWE
Faculty
Web Enumeration | SQL Injection (SQLI) - Manual Blind Time Based [Python Scripting] | Information Leakage - Error Messages | Login bypass - SQLI | +3 more
eWPT | eWPTXv2 | OSWE | OSCP
Flustered
Abusing Squid Proxy | Abusing GlusterFS | Information Leakage | Server Side Template Injection (SSTI) [RCE] | +1 more
OSCP | eJPT | eWPT | eWPTXv2 | eCPPTv3 | +1 more
FluxCapacitor
Fuzzing Parameters - Wfuzz | WAF Bypassing | Command Injection | Abusing Sudoers Privilege [Privilege Escalation]
eWPT | OSWE
Forge
Bypassing URL Blacklist | Server Side Request Forgery (SSRF) | Abusing Sudoers Privilege (Abusing Python Script)
eWPT | OSWE | OSCP
Format
Subdomain Enumeration | Gitea Enumeration | PHP Code Analysis | Finding Code-Level Vulnerability that Allows Attackers to Read Alternative Files (LFI) | +6 more
eWPT | eWPTXv2 | OSWE
Fuse
Information Leakage | Creating a Custom Dictionary with Cewl | Brute Force with Netexec to SMB to Obtain Valid Credentials | Changing a User's Password with impacket-smbpasswd | +4 more
OSCP | Active Directory
Giddy
SQL Injection (XP_DIRTREE) [SQLI] - Get Net-NTLMv2 Hash | Windows Defender Evasion (Ebowla) | Windows Defender Evasion (Building our own C program) | Service Listing Techniques | +1 more
eWPT | OSCP | OSWE
Haircut
SSRF Attack (Server Side Request Forgery) | Abusing a Curl implementation - Upload malicious PHP file | Command Injection - Alternative Exploitation | GNU Screen 4.5.0 - Local Privilege Escalation
OSCP | eWPT
Hawk
OpenSSL Cipher Brute Force and Decryption | Drupal Enumeration/Exploitation | H2 Database Exploitation
eJPT | eWPT
Health
Web Enumeration | Abusing WebHook Setup | Creating a PHP file to apply a Redirect and point to internal machine services [Restriction Bypassing] | Gogs v0.5.5 Exploitation - SQL Injection [CVE-2014-8682] | +6 more
eWPT | eWPTXv2 | OSWE | OSCP
Hospital
SMB Enumeration | Abusing File Upload (.phar extension + Python Scripting) | Abusing PHP Disable Functions in order to RCE | GameOver(lay) Exploitation (Privilege Escalation) | +5 more
OSCP | OSEP | eCPPTv3 | Active Directory
IClean
Web Enumeration | HTML Injection | XSS Exploitation | Abusing JWT | +4 more
eWPT | eWPTXv2 | OSWE
Inception
DomPDF Exploitation - Local File Inclusion (LFI) [CVE-2014-2383] | Bash Scripting | Abusing Squid Proxy | Internal Port Discovery via Squid Proxy - Wfuzz | +5 more
eWPT | OSWE | eCPPTv3
Instant
APK Analysis (apktool) | Information Leakage | API Enumeration (Swagger) | Directory Traversal + File Read (id_rsa) | +1 more
eJPT
Intelligence
Information Leakage | Kerberos Enumeration (Kerbrute) | Creating a DNS Record (dnstool.py) [Abusing ADIDNS] | Intercepting Net-NTLMv2 Hashes with Responder | +6 more
OSCP | OSEP | eCPPTv3 | Active Directory
Interface
Web Enumeration | API Endpoints Enumeration | Fuzzing POST API Parameters | Exploiting dompdf 1.2.0 Vulnerability (XSS to RCE through Malicious CSS File) | +2 more
eWPT | eWPTXv2 | OSWE
Jab
SMB Enumeration | XMPP/Jabber Enumeration via Pidgin | Information Leakage | User Enumeration via Pidgin's Advanced User Search Option | +8 more
OSCP | OSEP | eCPPTv3 | eCPTXv2 | Active Directory
Jeeves
Jenkins Exploitation (Groovy Script Console) | RottenPotato (SeImpersonatePrivilege) | PassTheHash (Psexec) | Breaking KeePass | +1 more
OSCP | eJPT | eWPT | eCPPTv3
Jewel
Gitweb Enumeration | Information Leakage | Cracking Hashes | Searching for vulnerabilities in Ruby on Rails with Brakeman | +5 more
eWPT | OSWE | OSCP
Json
Abusing No Redirect | JSON Deserialization Exploitation - ysoserial.net [RCE] | AppLocker Bypass | Abusing SeImpersonatePrivilege - JuicyPotato [Privilege Escalation] | +9 more
OSCP | eWPT
Jupiter
Subdomain Enumeration | Enumerating Grafana Requests | Executing system commands through PostgreSQL by exploiting an API (RCE) | Creation of bash script to enumerate processes and commands running on the system (procmon.sh) | +3 more
eWPT | eWPTXv2 | OSWE
Lazy
Padding Oracle Attack (Padbuster) | Bit Flipper Attack (BurpSuite) - Obtaining the admin user's Cookie | Abusing SUID binary | PATH Hijacking [Privilege Escalation]
eWPT | OSWE | OSCP
Luke
FTP Enumeration | Information Leakage | Abusing NodeJS Application | API Enumeration | +1 more
eWPT
Manager
SMB Enumeration | User Enumeration [1st way] - RID Cycling Attack (rpcclient) | User Enumeration [2nd way] - RID Cycling Attack (CrackMapExec) | User Enumeration [3rd way] - Kerberos User Enumeration (Kerbrute) | +9 more
OSCP | OSEP | eCPPTv3 | Active Directory
Mango
Virtual Hosting | NoSQL Injection Login Bypass | NoSQL Injection - Dumping Users and Passwords [Python Scripting] | Abusing SUID Binary - JJS [Privilege Escalation]
eWPT | OSWE
Mentor
Virtual Hosting | Subdomain Enumeration | API Enumeration | Abusing API | +6 more
eWPT | OSWE | eCPPTv3
Meta
Subdomain Enumeration | Abusing File Upload | Exiftool Exploitation [RCE] | ImageMagick Exploitation [User Pivoting] - SVG MSL Polyglot File | +1 more
eWPT | OSWE | OSCP
Monitored
Nagios Enumeration | API Enumeration | SNMP Enumeration | Abusing API | +5 more
eWPT | eWPTXv2 | OSWE
MonitorsThree
Subdomain Enumeration | SQLI - Manual Time Based Blind Injection (Python Scripting) | Cracking Hashes | Cacti Exploitation (CVE-2024-25642) - Malicious Package Import | +4 more
eWPT | OSWE | eWPTXv2
Monteverde
RPC Enumeration | Credential Brute Force - CrackMapExec | Shell Over WinRM | Abusing Azure Admins Group - Obtaining the administrator's password (Privilege Escalation)
OSCP | OSEP | eCPPTv3 | Active Directory
Nineveh
Abusing http forms with Hydra - Login Brute Force | Local File Inclusion (LFI) | Steganography - id_rsa hidden in image | Abusing phpLiteAdmin v1.9 (Remote Code Execution) | +3 more
eWPT | OSWE | OSCP
Node
Information Leakage | API Enumeration | Cracking Hashes | Cracking ZIP file | +5 more
eJPT | Buffer Overflow
Noter
Information Leakage - User Enumeration [Brute-Force Wfuzz] | Finding valid users - Wfuzz | SSTI (Server Side Template Injection) [Failed] | JWT Enumeration | +9 more
eWPT | eWPTXv2 | OSWE | OSCP
Obscurity
Information Leakage | Python Source Code Analysis | URL Command Injection | Known Plaintext Attack - Cryptography Challenge | +1 more
OSWE | eWPT | OSCP
October
Abusing October CMS (Upload File Vulnerability) | Buffer Overflow - Bypassing ASLR + Ret2libc (x32 bits) | Buffer Overflow - Ret2libc without ASLR (x32 bits EXTRA)
eWPT | Buffer Overflow
Olympus
Creating a Python Script with Scapy to Detect if a Host is Active [EXTRA] | Creating a Port Scanner with Scapy [EXTRA] | Xdebug Exploitation (RCE) | Cracking 802.11 - WiFi .cap Capture Analysis with Tshark | +4 more
eWPT
OnlyForYou
Web Enumeration | Subdomain Enumeration | Information Leakage | Python Source Code Analysis | +13 more
eWPT | eWPTXv2 | OSWE
Outdated
SMB Enumeration | Follina Exploitation (CVE-2022-30190) + Nishang PowerShell TCP Shell [Remote Code Execution] | SharpHound + BloodHound DC Enumeration | Abusing AddKeyCredentialLink Privilege [Invoke-Whisker.ps1 - Shadow Credentials] | +4 more
OSCP | OSEP | eCPPTv3 | Active Directory
Passage
CuteNews Exploitation | Code Analysis | USBCreator D-Bus Privilege Escalation | Python Exploit Development (AutoPwn)
eWPT | OSWE | OSCP
Pit
Information Leakage | SNMP Enumeration (Snmpwalk/Snmpbulkwalk) | SeedDMS Exploitation | SELinux (Extra) | +1 more
OSCP | eWPT
Poison
Local File Inclusion (LFI) | LFI to RCE - Log Poisoning | Cracking ZIP file | Abusing VNC - vncviewer [Privilege Escalation]
eWPT | eJPT
Popcorn
Web Enumeration | File Upload Vulnerability - Abusing Content-Type to Upload Malicious PHP File (RCE) | Kernel Exploitation (2.6.31) - DirtyCow (/etc/passwd) [Privilege Escalation]
eWPT | eJPT
Pov
Subdomain Enumeration | LFI through CV Download | Abusing ViewState IIS Parameter + web.config secrets in order to achieve RCE | Playing with ysoserial.net to create a serialized payload | +5 more
eWPT | OSWE | OSCP
Puppy
Kerberos User Enumeration (Kerbrute) | SMB Enumeration | Domain Users Enumeration via RPCClient | Testing AS-REP Roast and Kerberoasting attack | +11 more
OSCP | OSEP | eCPPTv3 | eCPTXv2 | Active Directory
Querier
Macro Inspection (Olevba2) | MSSQL Hash Stealing [Net-NTLMv2] (xp_dirtree) | Abusing MSSQL (xp_cmdshell) | Cached GPP Files (Privilege Escalation)
OSCP | OSEP | eCPPTv3 | Active Directory
Ransom
Login Bypass (Type Juggling Attack) | Decrypting a ZIP file (PlainText Attack - Bkcrack) - CONTI RANSOMWARE
eWPT
RedCross
Subdomain Enumeration | XSS Injection - Stealing the admin user cookie | Injection RCE | Abusing Custom Binary - Binary Exploitation | +1 more
eWPT | Buffer Overflow
Resolute
RPC Enumeration - Abusing querydispinfo | CrackMapExec SMB Authentication Spraying | Abusing WinRM - EvilWinRM | Information Leakage | +3 more
OSCP | OSEP | eCPPTv3 | Active Directory
Retired
LFI (Local File Inclusion) - Filter Bypass [Abusing str_replace] | Buffer Overflow x64 - Full RELRO, NX, PIE, ASLR Bypass [ROP - Abusing a writable section] | Creating an Autopwn Script [Python Scripting] | Abusing System Services [User Pivoting] | +1 more
Buffer Overflow | OSCP
Runner
Subdomain Enumeration | JetBrains TeamCity 2023.05.3 Exploitation (RCE) [CVE-2023-42793] | Information Leakage | Cracking Hashes | +2 more
eWPT | eWPTXv2 | OSWE | OSCP
Schooled
VHost Brute Force | Moodle Enumeration | Moodle - Stored XSS | Stealing a teacher's session cookie | +8 more
eWPT | eWPTXv2 | OSWE
Scrambled
Web Enumeration | Information Leakage | LDAP Enumeration | Kerberos Enumeration | +22 more
OSCP | OSEP | eCPPTv3 | eWPTXv2 | Active Directory
Seal
Information Leakage (GitBucket) | Breaking Parser Logic - Abusing Reverse Proxy / URI Normalization | Exploiting Tomcat (RCE) [Creating malicious WAR] | Abusing existing YML Playbook file [Cron Job] | +1 more
eWPT | eWPTXv2 | OSCP | OSWE
SecNotes
User Enumeration (Wfuzz) | Reflected XSS | Stored XSS | SQL Injection | +4 more
eWPT | OSCP
Shared
Web Enumeration | SQL Injection (SQLI) in a Cookie | Cracking Hashes | Abusing Cron Job | +3 more
eWPT | OSCP
Shibboleth
Abusing IPMI (Intelligent Platform Management Interface) | Zabbix Exploitation | MariaDB Remote Code Execution (CVE-2021-27928)
eWPT | OSCP
Silo
Abusing Oracle Database | Oracle Database Attacking Tool (ODAT) Installation | Oracle DB Exploitation - Identifying valid SIDs (sidguesser) | Oracle DB Exploitation - Discovering valid credentials (passwordguesser) | +3 more
OSCP
Sneaky
Web EnumerationSQL Injection - Login BypassInformation LeakageUDP Scan with Nmap+7 más
OSEDBuffer Overflow
SneakyMailer
Information Leakage; Mass Emailing Attack with SWAKS; Password Theft; Abusing Pypi Server (Creating a Malicious Pypi Package); +1 more
OSCP
Sniper
Local File Inclusion (LFI); Remote File Inclusion (RFI) [Failed]; Remote File Inclusion through SMB Server (net usershare technique) [Success]; Creating a webshell and achieving remote command execution [RCE]; +3 more
OSCP, eWPT
SolidState
Abusing James Remote Administration Tool; Changing a user's email password; Information Leakage; Escaping Restricted Bash (rbash); +2 more
eJPT
Stratosphere
Apache Struts Exploitation (CVE-2017-5638); Python Library Hijacking (Privilege Escalation)
eWPT, eJPT
StreamIO
SSL Certificate Enumeration; SMB Enumeration; Kerberos User Enumeration (Kerbrute); ASREPRoast Attack (Failed); +17 more
eWPT, eWPTXv2, OSWE, OSCP, OSEP, +2 more
Strutted
Information Leakage; Apache Struts Exploitation [CVE-2024-53677]; Apache Struts, Interceptors and OGNL Expression Language Explained; Abusing File Upload (Malicious JSP File); +1 more
eWPT, OSWE, eWPTXv2
Surveillance
CraftCMS Exploitation (CVE-2023-41892) - RCE; Information Leakage; Cracking Hashes; ZoneMinder + Sudoers Exploitation (Privilege Escalation)
eWPT
TartarSauce
RFI (Remote File Inclusion) - Abusing Wordpress Plugin [Gwolle-gb]; RFI to RCE (Creating our malicious PHP file); Abusing Sudoers Privilege (Tar Command); Abusing Cron Job (Privilege Escalation) [Code Analysis] [Bash Scripting]
eWPT, OSWE, OSCP
Tenet
PHP Deserialization Attack; Abusing Race Condition
eWPT
Tenten
Wordpress Enumeration; CV filename disclosure on Job-Manager Wordpress Plugin [CVE-2015-6668]; Steganography Challenge (Steghide); Cracking Hashes [Protected SSH Private Key]; +1 more
eWPT, eJPT
TheNotebook
Abusing JWT (Gaining privileges); Abusing Upload File; Docker Breakout [CVE-2019-5736 - RUNC] (Privilege Escalation)
eWPT, OSCP, OSWE
Time
Jackson CVE-2019-12384 Exploitation - SSRF to RCE; Abusing Cron Job [Privilege Escalation]
eWPT, OSWE, OSCP
Timing
Local File Inclusion (LFI); Using Wrappers - Base64 Wrapper; Code Inspection; Role manipulation; +2 more
eWPT, eWPTXv2, OSWE
Trickster
Subdomain Enumeration; Information Leakage - Github project rebuild with GitHack; PrestaShop 8.1.5 Exploitation - [CVE-2024-34716]; Database Enumeration; +7 more
eWPT, eWPTXv2, OSWE, eCPPTv3
Undetected
Virtual Hosting Enumeration; Abusing Directory Listing; PHPUnit 5.6 Exploitation (CVE-2017-9841) [RCE]; Backup Inspection; +3 more
eWPT, OSWE
Unicode
JWT Enumeration; JWT - Claim Misuse Vulnerability; JSON Web Key Generator (Playing with mkjwk); Forge JWT; +6 more
eWPT, eWPTXv2, OSWE
Union
SQLI (SQL Injection) - UNION Injection; SQLI - Read Files; HTTP Header Command Injection - X-FORWARDED-FOR [RCE]; Abusing sudoers privilege [Privilege Escalation]
eWPT, eJPT
UpDown
Web Enumeration; Subdomain Discovery (gobuster); Finding .git directory with nmap (http-enum); Playing with git-dumper in order to get the files of the project; +8 more
OSWE, eWPT, eWPTXv2, OSCP
Waldo
LFI (Local File Inclusion) - Filter Bypass; Obtaining a user's SSH private key through the LFI; Escaping from a container; Restricted Shell Bypass; +1 more
eWPT, eJPT, OSCP
Wall
Abusing Basic Auth Path; Abusing Centreon API - User Brute Force (Wfuzz); Abusing Centreon Login Panel - Python Scripting; Centreon 19.04 Exploitation [RCE]; +3 more
eWPT, OSWE
Worker
SVN - Subversion Enumeration; Information Leakage; VHost Fuzzing - Gobuster; Azure DevOps Enumeration; +6 more
OSCP, eWPT, eWPTXv2
Writer
RPC Enum; SQLi Bypass Login + SQL Injection [Database Enumeration]; SQLi - File System Enumeration (Abusing load_file); Python Code Analysis; +5 more
eWPT, eWPTXv2, OSWE, OSCP
Zipping
File uploading abuse (%00 Injection) [Failed]; ZipSlip Exploitation Technique for internal reading of files; SQL Injection + Regular Expression Bypass (%0a) + RCE through into outfile instruction; Custom binary abuse + Malicious Shared Object (.so) Injection [Privilege Escalation]
eWPT, eWPTXv2, OSWE, OSCP
Acute
Virtual Hosting; Information Leakage; Abusing Windows PowerShell Web Access; Real-time monitoring of the victim's screen; +6 more
OSCP, OSEP, eCPPTv3, Active Directory
AdmirerToo
Subdomain Enumeration; Adminer Enumeration; SSRF (Server Side Request Forgery) in Adminer [CVE-2021-21311]; Abusing redirect to discover internal services; +6 more
eWPT, eWPTXv2, OSWE
Altered
Brute Force Pin / Rate-Limit Bypass [Headers]; Type Juggling Bypassing; SQL Injection (Error Based); SQLI to RCE -> INTO OUTFILE Query; +1 more
OSCP, eWPT, eWPTXv2, OSWE
Analysis
SMB Enumeration; Virtual Hosting; Subdomain Enumeration; Kerberos - User Brute Force Enumeration (kerbrute); +13 more
OSCP, OSEP, eCPPTv3, eWPT, eWPTXv2, +2 more
Axlle
SMB Enumeration; Creating malicious XLL File (Achieving Command Execution without Using Macros); DLL Execution via Excel.Application RegisterXLL() Method; Sending Malicious Office Documents by Mail with Swaks; +9 more
OSCP, OSEP, eCPPTv3, eCPTXv2, Active Directory
Blackfield
SMB Enumeration; Kerberos User Enumeration (Kerbrute); ASRepRoast Attack (GetNPUsers); Bloodhound Enumeration; +7 more
OSCP, OSEP, eCPPTv3, Active Directory
Blazorized
Subdomain Enumeration; Blazor Traffic Processor - BurpSuite Extension; DLL Inspection - AvaloniaILSpy; Information Leakage; +8 more
OSCP, OSEP, eCPPTv3, eCPTXv2, Active Directory
Breadcrumbs
Local File Inclusion (LFI) [Abusing file_get_contents]; Abusing No Redirect; Forge PHPSESSID and getting valid Cookies; Forge JWT; +6 more
eWPT, eWPTXv2, OSWE, OSCP
Carpediem
Web Enumeration; Parameter Fuzzing with Wfuzz; Mass Assignment Attack - Giving admin privileges to our user; Creating an HTML form with OpenAI in order to exploit file uploading; +12 more
eWPT, eWPTXv2, OSWE, eCPPTv3, eCPTXv2, +1 more
Charon
SQLI (SQL Injection) - Union Injection; SQLI - WAF Bypass; Cracking Hashes; Uploading a file abusing a hidden property; +4 more
eWPT, OSWE, OSCP
Conceal
UDP Scan; SNMP Enumeration; Enumerating Ike Hosts - ike-scan; Installing and configuring Strongswan (IPSEC/VPN) [ipsec.secret/ipsec.conf]; +4 more
OSCP, eWPT
Control
SQL Injection [SQLI] - Error Based; Advanced Bash Scripting (EXTRA); SQLI to RCE (Into Outfile - PHP File Creation); ConPtyShell (Fully Interactive Reverse Shell for Windows); +4 more
OSCP, OSWE, eWPT
CrimeStoppers
Local File Inclusion (LFI); LFI - Base64 Wrapper [Reading PHP files]; LFI to RCE - ZIP Wrapper; Thunderbird - Password Extraction & Reading Messages (firefoxpwd tool); +1 more
eWPT, OSWE
Dab
Applying brute force to an authentication panel - Wfuzz (Discovering valid password); Applying cookie discovery with Wfuzz (Brute Force); SSRF - Server Side Request Forgery (Internal Port Discovery) - Wfuzz; Abusing Memcached - Getting stored credentials; +5 more
eWPT, OSWE, OSCP
Drive
IDOR Exploitation + OOP Python Scripting; Information Leakage; Sqlite3 file enumeration; Cracking Hashes; +4 more
eWPT, OSWE, OSED
EarlyAccess
XSS Injection; XSS Cookie Stealing; Cookie Hijacking; Code Analysis; +8 more
eCPPTv3, eCPTXv2, OSCP, eWPT, eWPTXv2, +1 more
Ellingson
Abusing Werkzeug Debugger (RCE); Binary Exploitation; Advanced Buffer Overflow x64 - ROP / ASLR Bypass (Leaking Libc Address + Ret2libc + Setuid)
Buffer Overflow, eWPT
Falafel
Information Leakage; SQL Injection (SQLI) - Abusing substring function; Obtaining user passwords [Python Scripting]; PHP Type Juggling Exploitation (0e hash collision); +3 more
eWPT, eWPTXv2, OSWE
Feline
Information leakage in error message; RCE by deserialization in Apache Tomcat with PersistentManager - CVE-2020-9484 [RCE]; Playing with Ysoserial - CommonsCollections2; Manipulating our session cookie (JSESSIONID) + Directory Path Traversal; +5 more
eWPT, eWPTXv2, eCPPTv3, OSWE
Flujab
SSL Cert Enumeration; Cookies Manipulation - Gaining access to restricted areas of the site; Abusing Mailer Configuration; Mail server hijacking - Intercepting mails with Python; +8 more
eWPT, eWPTXv2, OSWE, OSCP
Freelancer
SMB Enumeration; Web Enumeration; Kerberos User Enumeration (kerbrute); Attempting User Enumeration with netexec (RID Cycling Attack); +28 more
OSCP, OSEP, eCPPTv3, eCPTXv2, eWPT, +3 more
Hancliffe
Abusing URI Normalization; Server Side Template Injection (SSTI) [NUXEO Vulnerability]; Unified Remote 3 Exploitation (RCE); Decrypt Mozilla protected passwords; +2 more
Buffer Overflow, OSED, OSCP, eWPT, eWPTXv2, +1 more
Helpline
ManageEngine ServiceDesk Plus User Enumeration; ManageEngine ServiceDesk Plus Authentication Bypassing; ManageEngine ServiceDesk Plus Remote Code Execution; Disabling Windows Defender (PowerShell); +12 more
eWPT, OSCP
Holiday
SQL Injection [SQLI] - Sqlite; XSS Injection - Bypassing Techniques (fromCharCode) + Own Javascript Code + Session Cookie Theft; Abusing existing parameters - RCE; NodeJS npm - Privilege Escalation
eWPT, eWPTXv2, OSWE, OSCP
Joker
SQUID Proxy Enumeration; UDP Enumeration; Abusing TFTP - Getting Squid Proxy Credentials; Cracking Hashes; +5 more
eWPT, eWPTXv2, OSWE, OSCP
Kotarak
Server Side Request Forgery (SSRF) [Internal Port Discovery]; Information Leakage [Backup]; Tomcat Exploitation [Malicious WAR]; Dumping hashes [NTDS]; +1 more
eWPT, eWPTXv2, OSWE, eCPPTv3, eCPTXv2
Mantis
Database Enumeration (DBeaver); Bloodhound Enumeration (bloodhound-python); Exploiting MS14-068 (goldenPac.py) [Microsoft Kerberos Checksum Validation Vulnerability]
OSCP, OSEP, eCPPTv3, Active Directory
Moderators
Web Enumeration; Information Leakage; Insecure Direct Object Reference (IDOR) in order to discover valid reports; Abusing File Upload - Uploading a PHP file disguised as PDF + Obfuscated Web Shell (Weevely3); +12 more
eWPT, eWPTXv2, OSWE
Monitors
Information Leakage; WordPress Plugin Exploitation (Spritz); Local File Inclusion (LFI); Cacti 1.2.12 Exploitation; +2 more
eCPPTv3, eWPT, eWPTXv2, OSCP, OSWE
Napper
IIS Enumeration; Subdomain Enumeration; Information Leakage; Abusing NAPLISTENER Backdoor; +7 more
OSED
Object
Jenkins Exploitation (New Job + Abusing Build Periodically); Jenkins Exploitation (Abusing Trigger builds remotely using TOKEN); Firewall Enumeration Techniques; Jenkins Password Decrypt; +4 more
OSCP, OSEP, eCPPTv3, OSWE, Active Directory
Office
SMB Enumeration; Web Enumeration; Joomla 4.2.7 Exploitation - Leak Password [CVE-2023-23752]; Kerberos User Enumeration (kerbrute); +18 more
OSCP, OSEP, eCPPTv3, eCPTXv2, Active Directory
Oouch
FTP Enumeration; Abusing OAuth Endpoint; Virtual Hosting Enumeration; Breaking OAuth Logic - Authorize as Administrator; +9 more
eWPT, eWPTXv2, eCPPTv3, OSWE
Overflow
Padding Oracle Attack (Padbuster); Padding Oracle Attack (Bit Flipper Attack - BurpSuite) [EXTRA]; Cookie Hijacking; SQL Injection (Generic UNION query) [SQLI] - Error Based; +7 more
OSWE, eWPT, eWPTXv2, Buffer Overflow
Overgraph
Virtual Hosting; Information Leakage; Open Redirect Exploitation; Open Redirect to XSS (Cross-Site Scripting) - Playing with eval/atob; +40 more
eWPT, eWPTXv2, OSWE, OSCP
Oz
SQL Injection (SQLI); Server Side Template Injection (SSTI) (RCE); Abusing Knockd; Network enumeration techniques using bash oneliners; +3 more
eWPT, eWPTXv2, OSWE, eCPPTv3, eCPTXv2
Phoenix
Asgaros Forum Exploitation - Unauthenticated Blind Time Based SQL Injection (SQLI); Download From Files 1.48 - Arbitrary File Upload (WordPress Plugin Exploitation); Cracking Hashes; Abusing PAM configuration for the Secure Shell service (SSH); +1 more
eWPT, OSWE, OSCP
Player
Subdomain Enumeration; JWT Enumeration; Information Leakage - Abusing No Redirect; Playing with BFAC (Backup File Artifacts Checker) in order to find a configuration file; +6 more
eWPT, OSWE, OSCP
Pressed
Password Guessing; WordPress Abusing RPC Calls; WordPress XML-RPC Create WebShell; PwnKit Exploit
OSCP, eWPT, eWPTXv2, OSWE
Quick
HTTP/3 Enumeration; Recompiling curl to accept HTTP/3 requests; Information Leakage; Brute force in authentication panel; +4 more
eWPT, eWPTXv2, OSWE
RE
Creating a malicious office document (libreoffice) - Playing with Macros; Macros Obfuscation - Bypassing YARA Rules; ConPtyShell - Enhancing our console mobility; Abusing defined task in the system; +10 more
OSCP
Reel
Metadata Inspection; SMTP Enumeration (VRFY Manual vs smtp-user-enum); Crafting a malicious RTF document [PHISHING] [CVE-2017-0199]; Sending an email to get command execution [RCE]; +6 more
OSCP, OSEP, eCPPTv3, Active Directory
Reel2
Information Leakage; OWA Password Spray - SprayingToolkit; Creating a user list - spindrift.py; Applying brute force to OWA - atomizer.py; +7 more
OSCP, OSEP, eCPPTv3, Active Directory
Scavenger
Domain Zone Transfer (AXFR); SQLI (Error Based) [WHOIS]; PCAP Analysis (Tshark && Wireshark); Abusing Rootkit
eWPT
Search
Information Leakage - Password in picture (wtf?); RPC Enumeration (rpcclient); Ldap Enumeration (ldapdomaindump); Bloodhound Enumeration; +8 more
OSCP, OSEP, eCPPTv3, Active Directory
Shrek
Information Leakage; Steganography Challenge - Hidden message in the spectrogram of an audio file (Audacity); Cryptography Challenge - Elliptic Curve (py-seccure); Abusing Sudoers Privilege - User Pivoting (Vi); +1 more
OSCP
Static
Compressed File Recomposition (Fixgz); Abusing TOTP (Python Scripting - NTP protocol); Playing with Static Routes; XDebug Exploitation (RCE); +2 more
eWPT, eJPT, eCPPTv3, eCPTXv2, OSWE, +1 more
Talkative
Jamovi Enumeration; Rj Editor Code Execution (Reverse Shell); Information Leakage; Bolt - Access to the administration panel; +8 more
eWPT, OSWE, eCPPTv3
Tally
SharePoint Enumeration; Information Leakage; Playing with mounts (cifs, curlftpfs); Abusing Keepass; +2 more
OSCP
Tentacle
DNS Enumeration (dnsenum); SQUID Proxy; WPAD Enumeration; OpenSMTPD v2.0.0 Exploit; +3 more
eCPPTv3, eCPTXv2, OSCP, OSEP, eWPT, +3 more
Travel
Git Project Recomposition (.git) [Git-Dumper]; Abusing WordPress (SimplePie + Memcache) [PHP Code Analysis]; Memcache Object Poisoning (Gopherus + Deserialization Attack + RCE); LDAP Enumeration (Apache Directory Studio - GUI); +2 more
eWPT, eWPTXv2, OSWE, OSCP
Unbalanced
Rsync & EncFS; Encfs2john to obtain a Hash we can crack; Cracking Hashes; Squid Proxy Enumeration; +11 more
eWPT, eWPTXv2, OSWE, eCPPTv3, eCPTXv2
Unobtainium
Inspecting custom application; Code Analysis; Information Leakage; Local File Inclusion (LFI); +9 more
eWPT, eWPTXv2, OSWE, eCPPTv3, eCPTXv2
Yummy
Web Enumeration; JWT Enumeration; Directory Traversal + Local File Inclusion; Abusing Cryptographic Key Generation; +10 more
eWPT, eWPTXv2, OSWE
Zetta
Information Leakage; FTP RFC2428 Enumeration; Abusing RFC-2428 via EPRT command; Abusing RFC-2428 - Machine IPV6 address information leakage; +9 more
OSCP
Anubis
SSL Certificate Inspection - OpenSSL; XSS (Cross-Site Scripting); ASP SSTI (Server Side Template Injection) (HackingDream ASP Resource) [RCE]; InvokePowerShellTcp.ps1 - PowerShell Reverse Shell; +21 more
OSCP, OSEP, eWPT, eWPTXv2, OSWE, +2 more
APT
RPC Enumeration; Abusing RPC - IOXIDResolver.py (Obtaining the IPV6 machine address); Port scanning with nmap via ipv6; SMB enumeration via ipv6; +15 more
OSCP, OSEP, eCPPTv3, Active Directory
Ariekei
ImageTragick Exploitation (Specially designed '.mvg' file); ShellShock Attack (WAF Bypassing); Abusing Docker privilege; PIVOTING
eCPPTv3, eCPTXv2, eWPT, OSWE
Bankrobber
Blind XSS Injection; Stealing the session cookie by XSS injection; SQLI - Error Based; SQLI - File Access; +3 more
eWPT, eWPTXv2, OSWE, OSCP
Bookworm
XSS Injection + CSP Bypass; Abusing File Upload + Indirect XSS Injection; IDOR Exploitation; Profile and order enumeration via XSS; +7 more
eWPT, eWPTXv2, OSWE, OSCP
Brainfuck
TLS Certificate Inspection; WordPress Enumeration; WordPress WP Support Plus Responsive Ticket System Exploitation - Gaining access as admin user; Information Leakage - Data type conversion for displaying a password in cleartext; +5 more
eWPT, OSCP
Crossfit
FTP SSL Certificate Enumeration; XSS Injection; Subdomain Enumeration through the Origin Header [Access-Control-Allow-Origin]; Accessing internal websites through XSS - Creating a javascript file; +11 more
eWPTXv2, OSWE
CTF
LDAP Injection; LDAP Injection - Discovering valid usernames; LDAP Injection - Attribute Brute Force [Discovering valid LDAP fields]; LDAP Injection - Obtaining OTP Seed; +3 more
eWPT, eWPTXv2, OSWE
Fighter
Advanced SQL Injection [SQLI] - MS SQL Server 2014 [Bypass Protection] [Python Scripting] [RCE]; Abusing Cron Jobs; Capcom Rootkit Privilege Escalation; Binary and DLL Analysis in order to get root.txt [Radare2]
eWPT, eWPTXv2, OSWE, OSCP
Fortune
Command Injection; OpenSSL - Creating a new key; OpenSSL - Creating a CSR file (Certificate Signing Request); OpenSSL - Creating a PEM file; +4 more
eWPT, eWPTXv2, OSWE
Fulcrum
API Enumeration - Endpoint Brute Force; Advanced XXE Exploitation (XML External Entity Injection); XXE - Custom Entities; XXE - External Entities; +15 more
eWPT, eWPTXv2, eCPPTv3, eCPTXv2, OSWE, +3 more
Hackback
Subdomain Enumeration; Information Leakage; Password Fuzzing; Gophish Template Log Poisoning (Limited RCE); +9 more
eWPT, eWPTXv2, OSWE, OSCP, eCPTXv2
Jail
Code Analysis; Binary Exploitation; Buffer Overflow x32 - Socket Re-Use Shellcode Technique; GDB Tips; +4 more
Buffer Overflow, OSCP
MagicGardens
Web Enumeration; Testing the Payment System; Tricking the Payment System so that the Information Passes through our Server; Operating as a Fake Bank to Give an Alternative Response; +9 more
eWPT, eWPTXv2, OSWE, OSED, Buffer Overflow
Minion
Server Side Request Forgery (SSRF) [Internal Port Discovery]; ICMP Reverse Shell (PowerShell) [Firewall Bypassing]; Alternate Data Streams (ADS); Firewall Evasion [Firewall Rules Manipulation]
eWPTXv2, OSWE
Mischief
SNMP Enumeration; Information Leakage; IPV6; ICMP Data Exfiltration (Python Scapy)
OSCP, eWPT, eWPTXv2, eCPPTv3, eCPTXv2, +1 more
MultiMaster
SQLI (SQL Injection) - Unicode Injection; WAF Bypassing; Advanced Python Scripting - Creation of an automation tool to handle Unicode in SQL injection; Database enumeration through the previously created utility; +20 more
OSCP, OSEP, eCPPTv3, eWPT, eWPTXv2, +2 more
Nightmare
HTML Injection; XSS Injection; SQL Injection (SQLI) - Error Based; OpenSSH <= 6.6 SFTP misconfiguration universal exploit (RCE); +5 more
eWPT, OSWE
Reddish
Abusing Node-Red; Chisel & Socat Usage; Redis-Cli Exploitation; Rsync Abusing; +4 more
eCPPTv3, eCPTXv2
Sink
HTTP Request Smuggling Exploitation (Leak Admin Cookie); Cookie Hijacking; Information Leakage; AWS Enumeration; +3 more
eWPT, eWPTXv2, OSWE
Sizzle
SMBCacls Enumeration; Malicious SCF File (Getting NetNTLMv2 Hash); Ldap Enumeration (LdapDomainDump); Abusing Microsoft Active Directory Certificate Services; +11 more
OSCP, OSEP, eCPPTv3, Active Directory
Stacked
Virtual Hosting Enumeration; Referer XSS Injection; XSS - Creating JS file (accessing unauthorized resources); Checking/Reading mail through XSS injection; +8 more
eWPT, eWPTXv2, OSWE
Toby
Abusing GOGS (Project Enumeration); Static Code Analysis (Finding a backdoor with php-malware-scanner); Code deobfuscation; Reverse shell through backdoor; +12 more
eWPT, OSWE, eWPTXv2, eCPPTv3, eCPTXv2