| | $\textcolor{orange}{\textsf{Medium}}$ | Agile | LFI | Chrome Debug Mode and Sudoedit CVE-2023-22809 |
| | $\textcolor{green}{\textsf{Easy}}$ | armageddon | Drupal property injection: Drupalgeddon 2 | snap install with sudo |
| | $\textcolor{green}{\textsf{Easy}}$ | Backdoor | WP-Plugin: eBook Download 1.1 - LFI/RFI and identifying services with /proc and GDBserver Remote Payload Execution | suid: screen |
| | $\textcolor{orange}{\textsf{Medium}}$ | Bagel | LFI and Reversing DLL and DotNET Object Deserialization | dotnet with sudo |
| | $\textcolor{green}{\textsf{Easy}}$ | BountyHunter | XXE | python script logic |
| | $\textcolor{green}{\textsf{Easy}}$ | Busqueda | Command Injection | Docker inspect config dump |
| | $\textcolor{green}{\textsf{Easy}}$ | Cap | Parameter Manipulation and PCAP file analysis | python with setuid capability |
| | $\textcolor{yellow}{\textsf{INSANE}}$ ⚠️ | CrossFitTwo | Websocket and SQL injection: blind/Union and DNS Hijacking and CSRF | Node module hijack and Yubikey |
| | $\textcolor{red}{\textsf{Hard}}$ | Developer | Reverse tab-nabbing and Django Deserialization | PostgreSQL Enumeration |
| | $\textcolor{orange}{\textsf{Medium}}$ | Devzat | Command Injection | InfluxDB authentication bypass vulnerability and LFI |
| | $\textcolor{orange}{\textsf{Medium}}$ | Dynstr | ISC BIND DNS server and Command Injection in Bind API | DNS pointer record (PTR) and Wildcard in cp Command |
| | $\textcolor{orange}{\textsf{Medium}}$ | encoding | LFI and SSRF and PHP filter chain and Git hooks | systemctl with sudo |
| | $\textcolor{orange}{\textsf{Medium}}$ | Faculty | LFI | Command Injection and gdb attach |
| | $\textcolor{orange}{\textsf{Medium}}$ | Forge | SSRF | Python pdb Module |
| | $\textcolor{orange}{\textsf{Medium}}$ | GoodGames | SQLi and SSTI | Docker escape: Password Reuse and Host mount inside docker |
| | $\textcolor{green}{\textsf{Easy}}$ | Horizontall | Improper Access Control and Command Injection | Laravel <8.4.2 RCE |
| | $\textcolor{green}{\textsf{Easy}}$ | Inject | Path Traversal in apache maven webApp and CVE-2022-22963 | ansible-playbook |
| | $\textcolor{orange}{\textsf{Medium}}$ | Interface | API fuzzing and dompdf CVE-2022-28368 | Shell Arithmetic Expansion Command Injection |
| | $\textcolor{orange}{\textsf{Medium}}$ | Investigation | Exiftool CVE-2022-23935 and Windows Event Log | Reversing C binary |
| | $\textcolor{green}{\textsf{Easy}}$ | Knife | backdoor php Version | knife with sudo |
| | $\textcolor{red}{\textsf{Hard}}$ | Mailroom | Blind XSS and NoSQL injection and Command Injection | Watch feature process and strace and Open keepass database |
| | $\textcolor{green}{\textsf{Easy}}$ | Meta | exiftool CVE-2021-22204 | ImageMagick PDF-parsing flaw and sudo neofetch with XDG_CONFIG_HOME |
| | $\textcolor{green}{\textsf{Easy}}$ | MetaTwo | WP-Plugin SQLi CVE-2022-0739 and WP XXE CVE-2021-29447 | passpie cracking with john |
| | $\textcolor{red}{\textsf{Hard}}$ | Monitors | wp-plugin "Spritz" LFI and "cacti" SQLi Stacked Queries to RCE | Socat Port forwarding and "ofbiz" Deserialization RCE and Container with SYS_MODULE Capability |
| | $\textcolor{green}{\textsf{Easy}}$ | MonitorsTwo | Cacti Unauthenticated RCE CVE-2022-46169 | Docker overlay FS |
| | $\textcolor{orange}{\textsf{Medium}}$ | Onlyforyou | Directory Traversal and Command Injection and neo4j Cypher Injection | pip3 as root |
| | $\textcolor{orange}{\textsf{Medium}}$ | ophiuchi | SnakeYAML Deserialization | wasm reversing |
| | $\textcolor{green}{\textsf{Easy}}$ | Pandora | enumerating SNMP and Pandora FMS - SQLi and file upload | setresuid() Restriction Bypass |
| | $\textcolor{red}{\textsf{Hard}}$ | Pikaboo | URL parser logic in nginx server and LFI to RCE via ftp log | Perl jam: Command Injection |
| | $\textcolor{orange}{\textsf{Medium}}$ | Pit | SNMP Enumeration and Login Form Bruteforce with hydra and SeedDMS RCE | Access control list (ACL) and SNMP Extend Command |
| | $\textcolor{red}{\textsf{Hard}}$ | Pollution | Burp history logs and out-of-band XXE to exfiltrate data and redis php session manipulation and PHP filter chain | php-fpm RCE and lodash merge prototype pollution |
| | $\textcolor{green}{\textsf{Easy}}$ | Precious | pdfkit CVE-2022-25765 | Ruby YAML deserialization |
| | $\textcolor{green}{\textsf{Easy}}$ | Previse | Blind Command Injection | Absolute Path Injection |
| | $\textcolor{orange}{\textsf{Medium}}$ | Ready | gitlab <11.4.8 SSRF via IPv6 and redis server RCE | docker container with --privileged |
| | $\textcolor{green}{\textsf{Easy}}$ | RouterSpace | Android app dynamic analysis | Sudoedit |
| | $\textcolor{orange}{\textsf{Medium}}$ | Schooled | Moodle LMS Enumeration and XSS in "Moodle" and Privilege Escalation in "Moodle" and Moodle Admin RCE | pkg with sudo |
| | $\textcolor{green}{\textsf{Easy}}$ | scriptKiddie | command injection | msfconsole with sudo |
| | $\textcolor{orange}{\textsf{Medium}}$ | Seal | URL Parser Logic in Apache server | ansible-playbook Command with sudo |
| | $\textcolor{green}{\textsf{Easy}}$ | Secret | Webapp source code review and Command injection | Core Dump |
| | $\textcolor{orange}{\textsf{Medium}}$ | Shibboleth | IPMI and Zabbix | mysql 'wsrep_provider' OS Command Execution |
| | $\textcolor{yellow}{\textsf{INSANE}}$ ⚠️ | Sink | HTTP Request Smuggling | AWS secretsmanager and AWS kms decrypt |
| | $\textcolor{green}{\textsf{Easy}}$ | Soccer | Blind SQLi over websocket | dstat with doas |
| | $\textcolor{orange}{\textsf{Medium}}$ | Socket | Python byte-codes de-compile and Websocket SQLi using SQLMAP | pyInstaller file read |
| | $\textcolor{green}{\textsf{Easy}}$ | Spectra | wpadmin reverse shell | initctl with sudo |
| | $\textcolor{red}{\textsf{Hard}}$ | Spider | SSTI and SQLi in auth token and Blind restricted SSTI | XXE to inject payload in auth token |
| | $\textcolor{green}{\textsf{Easy}}$ | Stocker | NoSQLi with JSON and PDF XSS | Nodejs with sudo |
| | $\textcolor{red}{\textsf{Hard}}$ | Tentacle | DNS Enumeration and squid proxy and ffuf with multi-proxy and OpenSMTPD RCE | ssh with kerberos token and k5login and kadmin |
| | $\textcolor{orange}{\textsf{Medium}}$ | theNotebook | JWT bypass | Breaking Docker via runC |
| | $\textcolor{orange}{\textsf{Medium}}$ | Timing | LFI and Admin role impersonate and File upload RCE | wget and axel rc files |
| | $\textcolor{green}{\textsf{Easy}}$ | Trick | LFI | fail2ban Misconfiguration |
| | $\textcolor{orange}{\textsf{Medium}}$ | Unicode | JWT jku bypass and LFI | Python byte-codes decompile and Command injection |
| | $\textcolor{red}{\textsf{Hard}}$ | Unobtainium | reversing Electron application deb package and Prototype Pollution and Command injection | Kubernetes and Kubectl and kubernetes admin |
| | $\textcolor{orange}{\textsf{Medium}}$ | Writer | UNION SQLi to file read and RCE using SSRF with smb and Unintended: Command Injection via filename | postfix automate scripts and Invoke command with apt Configs |