HTB X VulnLab: VulnEscape (Windows/Easy)
VulnEscape is an Easy Difficulty Windows machine where users exploit a Remote Desktop Server to connect as KioskUser0, bypass restrictions using Microsoft Edge, and uncover a password to gain admin access and capture the root flag.
841 words | 4 minutes
Cross-Session DCOM-Relay attack
This blog post explains cross-session relay attacks, covering COM/DCOM basics and authentication flaws. It details how attackers exploit weak configurations to relay credentials.
1320 words | 7 minutes

HTB X VulnLab: Shibuya (Windows/Hard)
2025-08-05
Shibuya is a hard Windows machine that requires extensive enumeration across multiple services and accounts. The attack chain involves exploiting exposed protocols, credential discovery, and lateral movement. Privilege escalation is achieved through abusing Active Directory Certificate Services.
2291 words | 11 minutes
HTB: Cat (Linux/Medium)
Cat is a medium-difficulty Linux machine featuring a custom PHP web application vulnerable to XSS, which allows cookie hijacking and privilege escalation. A SQL injection in a SQLite database enables remote code execution and access to internal logs, which leak plaintext credentials. These are used to access a vulnerable Gitea instance (CVE-2024-6886), ultimately leading to the discovery of root credentials in a private repository.
1679 words | 8 minutes
HTB: Titanic (Linux/Easy)
Titanic is an easy Linux machine with a booking site and a Gitea instance. An arbitrary file read vulnerability allows access to Gitea's SQLite database, leading to cracked SSH credentials. A scheduled script using a vulnerable magick binary (CVE-2024-41817) is exploited for root access.
708 words | 4 minutes
HTB: Cicada (Windows/Easy)
Cicada is an excellent beginner-friendly Windows box designed for those new to Windows pentesting, without requiring any knowledge of Active Directory or its attack vectors and strategies. It focuses on the early stages of enumeration, which are essential for tackling more advanced machines, as well as some basic manual checks you can perform once you obtain a user shell.
984 words | 5 minutes
HTB: DarkCorp (Windows/Insane)
This is an insane Windows machine with one of the largest attack surfaces I’ve ever encountered on a single target. One could even argue that it deserves to be published as an Endgame or perhaps even a mini Pro Lab.
75 words | 1 minute
HTB: Trickster (Linux/Medium)
2025-02-01
"Trickster" is a medium-difficulty Linux machine on HackTheBox that challenges you with technologies like Git, MySQL, Docker, and vulnerabilities such as SSTI and CSRF. This write-up covers the key steps and techniques I used to exploit the machine, highlighting the creative enumeration and exploitation required to capture the flags.
1999 words | 10 minutes
