Exploit

Logger

Easy Code Execution

Logger is a medium-difficulty Linux CTF challenge that revolves around a misconfigured internal log management system. Participants begin by authenticating to a web interface, where they must identify and exploit a Remote Code Execution (RCE) vulnerability.

PwnDoc

Easy CVE

PwnDoc is an easy-level Linux machine that focuses on web exploitation techniques and Docker-based privilege escalation.

Staging

Medium Security Misconfiguration

Staging is a medium-difficulty Linux CTF where you brute-force hidden vhosts, spin up a remote database to configure an uninitialized WordPress, then exploit misconfigurations for initial access. From there, you reuse credentials and abuse sudo misconfigs to gain root. It mimics real-world staging pitfalls in poorly managed environments.

Zorlang

Medium CVE

Zorlang is a Linux-based CTF machine designed to challenge a player???s skills in exploiting modern vulnerabilities and navigating post-exploitation scenarios. Players must gain an initial foothold by targeting an exposed service and then proceed to enumerate internal services to pivot deeper into the network. Success requires effective use of SSH tunneling techniques and a final privilege escalation through a misconfigured or vulnerable internal component, ultimately leading to full system compromise.

One Click

Easy Authentication Bypass

An end user has installed some software that was not approved on the ITs list. This resulted in a vulnerability being exposed, can you exploit this windows machine?

Splinter

Easy Server Side Template Injection

Unemployable INC, a shady corporation, needs your penetration testing skills. Suspecting server-side template injection vulnerabilities, they've hired you to infiltrate their systems. Like Splinter, exploit weaknesses and demonstrate the impact. Uncover hidden vulnerabilities, prove your worth, and expose the true extent of their security flaws. The fate of Unemployable INC rests in your hands.

Stacy's Office

Intermediate Red Team Operation

In the Stacy's Office Active Directory Lab, participants take on the role of red teamers, tasked with exploiting a simulated corporate environment. This lab involves an Active Directory setup where users must infiltrate the network, escalate privileges, and gain unauthorized access to sensitive information.

Phishing Campaign

Beginner Active Directory

This Gophish lab provides a safe and effective environment for phishing simulations, allowing you to observe and understand user interactions with phishing emails. Through MailHog, all email communication is safely captured and isolated. This hands-on experience highlights the importance of phishing awareness and helps demonstrate how cyber-attacks often exploit human behavior to gain unauthorized access to sensitive information.