Reactor is a Linux machine running a Next.js monitoring dashboard vulnerable to a server-side RCE exploit. Getting in requires chaining a public CVE with credential recovery from a local database. Root comes down to abusing a privileged Node.js process left listening on a debug port.
This box involves exploiting a known deserialization vulnerability in a self-hosted ML platform, then chaining it with a misconfigured sudo permission to escalate privileges via a malicious PyTorch model file.
A Linux machine hiding multiple internal web services — chaining two vulnerabilities in an AI workflow platform breaks out of a Docker container, and a symlink attack against a self-hosted Git service delivers root.
This module is designed to help you understand and learn the basic concepts of different password attacks.
A Windows Active Directory environment built around a Read-Only Domain Controller — abusing writable AD attributes and a carefully constructed Kerberos delegation chain leads from a low-privileged domain user to Domain Admin.
A Linux machine where a publicly exposed JAR file reveals a vulnerable internal SOAP service, and a chain of misconfigurations — from exposed credentials to a world-writable binary — leads all the way to root.
The Metasploit Framework is an open-source set of tools used for network enumeration, attacks, testing security vulnerabilities, evading detection, performing privilege escalation attacks, and performing post-exploitation.
A Kubernetes cluster left partially exposed — a misconfigured node component allows unauthenticated command execution, and the resulting access is enough to spin up a privileged pod that reads the entire host filesystem.
A Linux machine hosting several internal services across subdomains — a vulnerable management tool hands over an initial foothold, and a misconfigured group permission opens the door to a straightforward Docker escape.
Version 1.0