A Windows domain controller where anonymous LDAP enumeration surfaces a first credential — and a built-in backup privilege allows reading registry hives directly, leading to a full domain compromise.

A Linux machine where an unauthenticated API endpoint leaks password hashes — and an exposed Docker socket inside a container provides a direct bridge to the host system.

A Linux machine where an insecure direct object reference on a PCAP endpoint exposes plaintext credentials — and a Linux capability assigned to the Python interpreter provides a clean, direct path to root.

A Linux machine where an unauthenticated Joomla endpoint leaks database credentials — and a crash reporting utility’s interactive pager becomes an unexpected path to root.

A Linux machine where an exposed network share leaks application source code — and a CRLF injection flaw bypasses role restrictions, kicking off a chain of misconfigurations that leads all the way to root.

A Linux machine where a server-side request forgery vulnerability proxies access to a hidden internal service — and a one-liner privilege escalation through an interactive pager command closes the loop.

A Linux machine where an unauthenticated directory traversal in a monitoring platform exposes database credentials — and a forgotten API token hiding in version history becomes the key to remote code execution.

A Linux machine where a pre-authentication vulnerability in a business intelligence platform grants an initial foothold — and credentials left in environment variables, combined with a kernel flaw, complete the privilege escalation.

A Windows machine where a single request parameter grants a privileged application role — and an internal application’s request forwarding feature, combined with a missing DLL, opens the path to SYSTEM.

A Linux machine where a sandboxed JavaScript environment isn’t quite sandboxed enough — and a subtle shell scripting flaw in a privileged backup script turns cracked credentials into root access.