This module equips learners with essential web reconnaissance skills, crucial for ethical hacking and penetration testing. It explores both active and passive techniques, including DNS enumeration, web crawling, analysis of web archives and HTTP headers, and fingerprinting web technologies.
A Linux machine where an XSLT stylesheet processor accepts attacker-controlled input — and the ability to write arbitrary files, combined with a scheduled task and a vulnerable system utility, leads to root.
A Windows domain controller where SQL Server impersonation exposes a cracked hash — and a recently disclosed Active Directory attack against delegated service accounts enables a complete domain takeover.
A healthcare integration platform exposes an unpatched RCE, but cracking a non-standard password scheme is only the halfway point — getting to root means finding the flaw hidden inside a server that claims to be safe.
A Linux machine where weak database security and an internal admin panel lead to a foothold, with a creative Docker escape to reach the host as root.
A Linux machine where a help desk application’s unauthenticated GraphQL endpoint exposes user credentials — and an authenticated SQL injection, combined with an older kernel vulnerability, escalates to root.
A Linux machine running a Joomla site where a hint hidden in the page source leads to credentials — and a password buried under layers of nested compression unlocks a path to a higher-privilege user.
A Linux machine where directory enumeration uncovers a CGI script in an exposed cgi-bin directory — and a classic Bash vulnerability allows injecting commands through a crafted HTTP header.
A Linux machine named after its core vulnerability — a memory disclosure flaw in OpenSSL leaks just enough data to decrypt an encrypted RSA key found hiding in the web server’s directory listing.
Version 1.0