A Windows machine where anonymous FTP access begins a credential chain — through a database file, an email archive, and a telnet session — ending with stored administrator credentials ready to leverage.

A Linux machine where an unauthenticated FTP server vulnerability opens the initial foothold, and an archive extraction flaw in a Python script allows writing files outside intended boundaries for privilege escalation.

A Windows machine where a personal access token buried in a Gitea repository’s commit history unlocks a CI/CD pipeline — and a commercial PDF utility’s privilege escalation flaw delivers the final blow.

A Linux machine where a path traversal in a popular metrics platform leaks its own database — and a misconfigured container environment offers an unconventional route to the underlying host.

A Linux machine where a vulnerable CMS yields credentials through a time-based blind injection — and membership in an unexpected system group enables hijacking a binary that runs automatically on every SSH login.

A Linux machine running a game server panel with a file inclusion flaw that leaks database credentials — and a two-CVE privilege escalation chain in a disk management daemon reaches root.

A Windows machine where anonymous SMB access exposes virtual disk images containing registry hives — and a remote management tool’s encrypted credential store yields the final administrator password.

A Windows Active Directory machine where an outdated Group Policy misconfiguration leaks an encrypted password — and a Kerberos ticket attack against a highly privileged service account completes the path to Domain Admin.

A Linux machine where a mass assignment vulnerability in a CMS elevates a regular account to admin — and SSH keys stored in a cloud bucket, combined with a fact-gathering tool, lead to root.

A Linux machine themed around an older version of HackTheBox — where deobfuscating JavaScript reveals an invite code, an API privilege flaw escalates access, and a kernel vulnerability finalizes root.