Exploitation of Cross-site Scripting(XSS) vulnerability and WAF bypass to capture the moderator user’s cookie which we used to login to the application and obtain the first flag. We get an endpoint...

Horizon simulates investigating a breach involving email compromise,phishing and covenant c2 framework deployment.Attack sequence was a phishing email with a a malicious powershell script disguised...

Short room on forensics where we extract hashes from a given LSASS dump and using the data to decrypt SMB3 traffic within a given pcap file on wireshark. Initial Enumeration From the room descri...

Mnemonic covered aspects of bruteforcing which gained entry to ftp credentials where a private encrypted key of a user was cracked using john to gain an initial foothold.Further analysis via OSINT ...

Intense challenge covering aspects of git forensics to acquire information from the objects to SQL Injection which enabled us get initial foothold using an upload vulnerability.APK analysis using j...

VulnNet is a purely active directory box where we find usernames from an SMB share and using lookupsids script from impacket to perform RID Bruteforce getting usernames from the server.Next ASREPRo...

This was a fun and easy room about getting through steganography to find ssh credentials and privilege escalation using a vulnerable binary screen-4.5.0 to gain root. Initial Enumeration Nmap sc...

Flatline was a simple room where I used a vulnerability exploit from exploit-db to gain an initial foothold through command execution and eventually escalate privileges by abusing token impersonati...

The room involved exploiting an IDOR vulnerability that helped acquire directives to get credentials by doing some short encoding and gain root via command injection over custom protocol by interc...

This room involved exploiting an SQL injection in a SQLite database allowing us to retrieve admin credentials and flag for the room. Reconnaissance SQL Injection Discovery The room instructs us...