Summary This was an easy android box centered around enumerating an android system, as well as using knowledge of adb features to root the device. Foothold We start out by doing a port scan with n...

Summary This quite an interesting easy box, or at least the foothold step is. It starts out with using an scf file to force the target system to connect to the attacker system when opened. The atta...

Summary This box focuses a lot on enumeration and source code review. We can abuse an api to achieve remote code execiton on the target system. We can then pivot to a different user via an Authenti...

Summary This box focuses on exploiting a Windows machine hosting an IIS service as well as an ftp service which gives write access to the IIS directory. Metasploit can then be used to gain a footho...

Summary This box was a very interesting box centered around a little .apk forensics as well as building valid and signed apks. We used api tokens found in the decompiled apk to access a let’s chat ...

Summary This was a pretty easy box. An IDOR in the webapplication gives a pcap file which includes SSH credentials. Once logged in running linpeas reveals that python has setuid capabilities, allow...

Summary This box includes XXE which gives us access to read local files. When reading these files we get access to credentials that can be used as SSH login. A python script is then available on th...

Summary Bolt is a box which is mainly centered around forensics and enumeration, especially when it comes to Docker. However techniques such as source code analysis and SSTI exploitation is also pr...

Foothold When first visiting the site, we get greeted by this page: It seems that the site is advertising a pentest tool, and they even inform us that it was used on this very server! Performin...

Summary This was one of the easier boxes on the platform. With comments left in the HTML source code and a SUID binary giving root access immediatly. In any case, you can learn some fuzzing on this...