In this room, we extract an Excel file from an SMB share and enumerate credentials. From there, we use MSSQL to gain a reverse shell and perform some privilege escalation.

In this room, we are able to mount a filesystem and enumerate the Windows SAM hashes to crack a password. From there, we perform priv esc using RemoteNG to gain a root reverse shell.

In this room, we discover a Drupal website running on the target that ends up being vulnerable to Drupalgeddon. From there, we gain a shell and escalate privileges using JuicyPotato.

This room contains a vulnerability in the Adobe ColdFusion program which we exploit to gain a reverse shell. Then, we exploit Windows kernel to escalate our privileges using Chimichurri.exe

This room contains FTP and web enumeration. From there, we find a database file and enumerate it, gaining a shell. Finally, some priv esc techniques are also discussed including some juicy PowerShell.

This room covers exploiting a public Jenkins server including gaining an initial reverse shell using GroovyScript. From there, we perform privilege escalation by cracking a juicy KeePass file.

This room covers web app pentesting including XSS on a contact form to gain an initial shell. From there, there is a unique priv esc vector through WSL (Windows Subsystem for Linux).

This room covers exploiting the AChat program using a buffer overflow to gain a reverse shell through Metasploit. Additionally, there are many manual methods covered as well for additional practice.

In this room, we play around with anonymous FTP login to gain a meterpreter reverse shell. An alternative way is also covered using Netcat and manual priv esc for additional practice.