This room covers the famous Ghostcat CVE vulnerability to gain an initial access shell on the remote machine alongside an interesting ASC and GPG privilege escalation technique.

Lazy admins are a hacker’s best friend. This room includes using the SweetRice exploit, peering into an unsecured MySQL backup, and a priv esc tactic of rewriting a script file.

This room includes some interesting techniques like fuzzing subdomains, exploiting Gila CMS upload features and an interesting priv esc technique using tar and the checkpoint feature.