An easy difficulty linux host with an apache web server vulnerable to shellshock. Exploit via python POC. Escalation via sudo perl permissions.

An easy difficulty windows host with a focus on active directory. Initial foothold via enumatating the server to create a user list to use in an ASREPRoast Attack. Cracking hashes with john. Enumerating the domain with Bloodhound and SharpHound. Escalation via a DC Sync Attack. Administrator via dumping and passing the hash.

An easy difficulty Linux host. Foothold via directory listing with credential files. Reverse shell via PHP upload script. Root via an SUID file.