A Linux machine running a game server panel with a file inclusion flaw that leaks database credentials — and a two-CVE privilege escalation chain in a disk management daemon reaches root.

A Windows machine where anonymous SMB access exposes virtual disk images containing registry hives — and a remote management tool’s encrypted credential store yields the final administrator password.

A Windows Active Directory machine where an outdated Group Policy misconfiguration leaks an encrypted password — and a Kerberos ticket attack against a highly privileged service account completes the path to Domain Admin.

A Linux machine themed around an older version of HackTheBox — where deobfuscating JavaScript reveals an invite code, an API privilege flaw escalates access, and a kernel vulnerability finalizes root.

A Linux machine where a mass assignment vulnerability in a CMS elevates a regular account to admin — and SSH keys stored in a cloud bucket, combined with a fact-gathering tool, lead to root.

A Windows domain controller where anonymous LDAP enumeration surfaces a first credential — and a built-in backup privilege allows reading registry hives directly, leading to a full domain compromise.

A Linux machine where an unauthenticated API endpoint leaks password hashes — and an exposed Docker socket inside a container provides a direct bridge to the host system.

A Linux machine where an insecure direct object reference on a PCAP endpoint exposes plaintext credentials — and a Linux capability assigned to the Python interpreter provides a clean, direct path to root.

A Linux machine where an unauthenticated Joomla endpoint leaks database credentials — and a crash reporting utility’s interactive pager becomes an unexpected path to root.

A Linux machine where an exposed network share leaks application source code — and a CRLF injection flaw bypasses role restrictions, kicking off a chain of misconfigurations that leads all the way to root.