Aragog
Exploiting XML External Entity (XXE) injection to get a shell, and abusing a developer's bad habits to escalate to root.
A cybersecurity challenge demonstrating the exploitation of the Heartbleed vulnerability in OpenSSL and the Dirty COW vulnerability in Linux to exfiltrate sensitive information and gain root user privileges.
A step-by-step guide on exploiting a data validation vulnerability in an image upload plugin, demonstrating how to bypass content filters to execute malicious code and gain unauthorized access to a remote system.
A comprehensive guide on identifying and exploiting buffer overflow vulnerabilities in third-party applications, using tools like nmap for system enumeration and vulnerability scanning.
A challenge that highlights the exploitation of broken access controls on a Jenkins installation and poor password practices on a KeePass database to gain unauthorized access and fully compromise the system.
Exploiting a web server that's being used as a development environment by abusing artifacts left behind by the developer.
A cybersecurity challenge demonstrating the exploitation of vulnerabilities in firewall appliances, specifically misconfigurations in a web server, to gain unauthorized access to a network.
A cybersecurity challenge focusing on exploiting the ShellShock vulnerability (also known as bashdoor) in the Unix bash shell, using basic command line tools like curl for sending and receiving web requests.
A practical demonstration of the risks associated with emailing user credentials in plain text, showcasing how exploiting a mail server and leveraging misconfigured file permissions can lead to system compromise.