A Linux machine where a server-side request forgery vulnerability proxies access to a hidden internal service — and a one-liner privilege escalation through an interactive pager command closes the loop.

A Linux machine where an unauthenticated directory traversal in a monitoring platform exposes database credentials — and a forgotten API token hiding in version history becomes the key to remote code execution.

A Linux machine where a pre-authentication vulnerability in a business intelligence platform grants an initial foothold — and credentials left in environment variables, combined with a kernel flaw, complete the privilege escalation.

A Windows machine where a single request parameter grants a privileged application role — and an internal application’s request forwarding feature, combined with a missing DLL, opens the path to SYSTEM.

A Linux machine where a sandboxed JavaScript environment isn’t quite sandboxed enough — and a subtle shell scripting flaw in a privileged backup script turns cracked credentials into root access.

A Linux machine where an exposed Spring Boot actuator endpoint leaks an admin session token — and an SSH username injection flaw, combined with decompiled application source, chains into root access.

A Linux machine where insecure direct object references expose files belonging to other users — and a chain of archived databases, cracked hashes, and a version history leak lead to code execution as root.

A Linux machine where a support ticketing system’s default credentials expose sensitive internal notes — and a memory disclosure vulnerability in a password manager leaks the master key protecting a root SSH key.

A Windows Active Directory machine where database server features leak website backup archives — and a misconfigured certificate authority turns limited domain access into full administrator control.

A Linux machine where a WordPress plugin’s SQL injection leaks database credentials — and an XML external entity vulnerability in the media upload handler reveals FTP credentials from a configuration file.