Proving Grounds - BBSCute Writeup
The target is compromised via Remote Code Execution (RCE) in CuteNews v2.1.2 through a vulnerable avatar upload feature. Privilege escalation is achieved by abusing SUID permissions on /usr/sbin/hping3, enabling root-level command execution.
Proving Grounds - Dawn Writeup
This lab demonstrates the exploitation of a misconfigured SMB share and scheduled cron jobs to achieve remote code execution. By uploading malicious files to an open SMB share, the attacker leverages a cron job to execute them. Privilege escalation is accomplished through a misconfigured SUID binary, zsh, which provides root access.
Proving Grounds - FunboxEasyEnum Writeup
Proving Grounds - Monitoring Writeup
In this lab, we exploit an authenticated remote code execution vulnerability in the Nagios XI monitoring software. The application is misconfigured to run with root privileges, allowing us to escalate immediately to root once the vulnerability is exploited.
Proving Grounds - Sar Writeup
This lab demonstrates how to exploit a remote code execution (RCE) vulnerability in a vulnerable version of sar2html. By discovering the application via the robots.txt file and leveraging the RCE, you gain an initial shell. Privilege escalation is achieved by exploiting a cronjob misconfiguration that allows overwriting a custom .sh script executed as root.
Proving Grounds - OnSystemShellDredd Writeup
This lab challenges you to exploit an exposed FTP service to uncover a hidden SSH private key, granting initial access to the system. From there, privilege escalation is achieved by leveraging a misconfigured SUID binary, cpulimit, to execute arbitrary commands as root.
Proving Grounds - FunboxEasy Writeup
This lab involves exploiting an SQL Injection vulnerability to leak credentials for a web application, leading to a file upload vulnerability that provides initial access. Privilege escalation is achieved via user password disclosure and multiple sudo misconfigurations, ultimately granting root access through tools like pkexec or time.
Proving Grounds - FunboxRookie Writeup
In this lab, an anonymous FTP server leaks a password-protected archive containing a private SSH key. The key allows initial access to the system, which is further exploited by recovering user credentials from a MySQL history file. Privilege escalation is achieved by exploiting unrestricted sudo access for the user.
Proving Grounds - CyberSploit1 Writeup
In this lab, attackers exploit weak credentials disclosed through a web application to gain SSH access to the system. Once a foothold is established, local privilege escalation is achieved by exploiting a vulnerable Linux kernel version (3.13.0-32-generic) using the overlayfs exploit.
Proving Grounds - Gaara Writeup
In this lab, you will exploit a system by brute-forcing credentials for the SSH service and escalating privileges by abusing misconfigured SUID permissions on /usr/bin/gdb. The lab highlights scenarios involving password brute-forcing and leveraging SUID binaries for privilege escalation.
Proving Grounds - Potato Writeup
In this lab, the target is exploited through bypassing PHP authentication, exploiting a local file inclusion (LFI) vulnerability, and cracking weak credentials. Privilege escalation is achieved by bypassing a directory restriction and leveraging misconfigured sudo permissions to execute arbitrary scripts as root.
Proving Grounds - Algernon Writeup
This lab demonstrates exploiting a remote code execution vulnerability in SmarterMail build 6985 to gain SYSTEM-level access on a Windows server. Learners will identify the application version, leverage an RCE exploit, and use a reverse shell payload to compromise the target. This lab emphasizes web application exploitation and highlights the risks of unpatched software.
Proving Grounds - InfosecPrep Writeup
This lab involves exploiting a disclosed SSH private key to gain initial access to a user account. The privilege escalation phase utilizes misconfigured SUID permissions on /bin/bash, allowing the user to escalate to root privileges.
Hack The Box - Lockpick2.0 Writeup
We've been hit by Ransomware again, but this time the threat actor seems to have upped their skillset. Once again they've managed to encrypt a large set of our files. It is our policy NOT to negotiate with criminals. Please recover the files they have encrypted - we have no other option! Unfortunately our CEO is on a no-tech retreat and so can't be reached.
Hack The Box - Lockpick Writeup
Forela needs your help! A whole portion of our UNIX servers have been hit with what we think is ransomware. We are refusing to pay the attackers and need you to find a way to recover the files provided.
Hack The Box Cyber Apocalypse 2024
"Legionaries in an apocalypse"
Meduza Stealer - A look at active C2 panels & recent samples
"Ransomware as a Service groups surfacing in 2023/24"
Passing the eJPT(v2)
Heading to new heights: Crypto scams resurface ahead of Starship's liftoff
TryHackMe - Blog Writeup
"Billy Joel made a Wordpress blog!"
TryHackMe - CyberHeroes Writeup
"Want to be a part of the elite club of CyberHeroes? Prove your merit by finding a way to log in!"
TryHackMe - Year of the Rabbit Writeup
"Time to enter the warren..."
TryHackMe - GamingServer Writeup
"An Easy Boot2Root box for beginners"
HTB/Hack The Boo 2023 CTF Event - HauntMart Writeup
"An eerie expedition into the world of online retail, where the most sinister and spine-tingling inventory reigns supreme. Can you take it down?"
TryHackMe - Hijack Writeup
"Misconfigs conquered, identities claimed."
TryHackMe - 0day Writeup
"Exploit Ubuntu, like a Turtle in a Hurricane"
TryHackMe - Boiler CTF Writeup
"Intermediate level CTF. Just enumerate, you'll get there."
TryHackMe - Valley Writeup
"Can you find your way into the Valley?"
YoChi — An architect of bank-targeted phishing kits
Tracing a phishing kit vendor across the internet
TryHackMe — GLITCH Writeup
“Challenge showcasing a web app and simple privilege escalation. Can you find the glitch?”
StupidFish: Cybercrime group harvesting credit card data
OPSec just isn’t their thing.
TryHackMe — Capture! Writeup
“Can you bypass the login form?”
The Great Wall of Cybercrime: Chinese-run bank phishing operation
Discord: The new cybercrime brewing pot
TryHackMe — Wgel CTF Writeup
“Can you exfiltrate the root flag?”
ChatGPT’s Evil Twin: Trojan malware spreading on Facebook
"Do not trust the horse, Trojans! Whatever it is, I fear the Danaans [Greeks], even those bearing gifts."
TryHackMe — Juicy Details Writeup
"A popular juice shop has been breached! Analyze the logs to see what had happened…"
AI, Crypto, and Account Takedowns — A Rising Scam
A new scam born from the ashes of a tarnished crypto market and Twitter buzz
Seeker — A Simple Digital Forensics Toolkit
OverTheWire — Leviathan 0–7 Writeup
TryHackMe — Bounty Hacker Writeup
“You talked a big game about being the most elite hacker in the solar system. Prove it and claim your right to the status of Elite Bounty Hacker!”
TryHackMe — Pickle Rick Writeup
“A Rick and Morty CTF. Help turn Rick back into a human!”
TryHackMe — Overpass Writeup
“What happens when some broke CompSci students make a password manager?”