A Linux machine where a help desk application’s unauthenticated GraphQL endpoint exposes user credentials — and an authenticated SQL injection, combined with an older kernel vulnerability, escalates to root.

A Linux machine where weak database security and an internal admin panel lead to a foothold, with a creative Docker escape to reach the host as root.

A Linux machine running a Joomla site where a hint hidden in the page source leads to credentials — and a password buried under layers of nested compression unlocks a path to a higher-privilege user.

A Linux machine where directory enumeration uncovers a CGI script in an exposed cgi-bin directory — and a classic Bash vulnerability allows injecting commands through a crafted HTTP header.

A Linux machine named after its core vulnerability — a memory disclosure flaw in OpenSSL leaks just enough data to decrypt an encrypted RSA key found hiding in the web server’s directory listing.

A Windows machine where anonymous FTP access begins a credential chain — through a database file, an email archive, and a telnet session — ending with stored administrator credentials ready to leverage.

A Linux machine where an unauthenticated FTP server vulnerability opens the initial foothold, and an archive extraction flaw in a Python script allows writing files outside intended boundaries for privilege escalation.

A Windows machine where a personal access token buried in a Gitea repository’s commit history unlocks a CI/CD pipeline — and a commercial PDF utility’s privilege escalation flaw delivers the final blow.

A Linux machine where a path traversal in a popular metrics platform leaks its own database — and a misconfigured container environment offers an unconventional route to the underlying host.

A Linux machine where a vulnerable CMS yields credentials through a time-based blind injection — and membership in an unexpected system group enables hijacking a binary that runs automatically on every SSH login.