A list of every machine I have rooted, compromised, or reconstructed. Each entry includes attack path, key techniques, and writeup link
| Machine | Avatar | Focus | Key Techniques | Writeup | Status |
|---|---|---|---|---|---|
| Support | ![]() |
WindowsAD | SMB Access, Binary Analysis, XOR Decryption, LDAP Enumeration, RBCD, DCSync | Read | Rooted |
| Eighteen | ![]() |
WindowsAD | MSSQL Impersonation, Password Spraying, BadSuccessor Attack, dMSA Creation | Pending | Rooted |
| Abducted | ![]() |
Linux | Samba CVE-2026-4480 (Print Job Injection), rclone Password Decryption, Password Reuse, SMB Wide Links & Symlink Traversal, SSH Key Injection, systemd Drop-in Exploitation (operators group) | Pending | Rooted |
| Snapped | ![]() |
Linux | Snapd LPE (CVE-2026-3888), Race Condition Exploitation, systemd-tmpfiles Timer Abuse, Dynamic Loader Overwrite, SUID Bash Persistence | Pending | Rooted |
| TwoMillion | ![]() |
Linux | JS Deobfuscation, API Enumeration, PrivEsc, OS Command Injection, Reverse Shell, .env, Lateral Movement, CVE-2023-0386. OverlayFS/FUSE Kernel Exploit | Read | Rooted |
| SeaPanda | ICS / OT | USB Infection, Process Hollowing, SSH Lateral Movement, Splunk, Modbus Manipulation, PLC Logic Deployment | Read | Reconstructed | |
| Expressway | ![]() |
Linux | IKE/IPsec Discovery, PSK Cracking, Sudo Chroot Bypass (CVE-2025-32463) | Pending | Rooted |
| Editor | ![]() |
Linux | XWiki RCE (CVE-2025-24893), Password Grep, SSH Access, ndsudo Privilege Escalation, PATH Hijacking via CVE-2024-32019 | Read | Rooted |
| Facts | ![]() |
Linux | Camaleon CMS (v2.9.0), CVE-2025-2304 (Privilege Escalation to Admin), CVE-2024-46987 (Arbitrary File Read), SSH Private Key Extraction, Facter Custom Directory RCE (sudo) | Pending | Rooted |
| Devvortex | ![]() |
Linux | Virtual Host Discovery, Joomla CVE-2023-23752 (Information Disclosure), MySQL Database Access, Password Cracking, CVE-2023-1326 (apport-cli Privilege Escalation) | Pending | Rooted |
| Lame | ![]() |
Linux | SMB Enumeration, Samba CVE-2007-2447 (Username Map Script), Metasploit Exploitation, Root Shell via usermap_script | Pending | Rooted |
| Cap | ![]() |
Linux | IDOR, PCAP Traffic Analysis, Credential Reuse, Linux Capabilities, Python setuid Exploit | Read | Rooted |
| CCTV | ![]() |
Linux | ZoneMinder Default Credentials, Time-based Blind SQLi (CVE-2024-51482), Bcrypt Hash Cracking, SSH Access, Internal Service Discovery, motionEye Admin Credential Extraction, Command Injection via motionEye (CVE-2025-60787) | Pending | Rooted |
| Reactor | ![]() |
Linux | Next.js RCE (CVE-2025-55182 / React2Shell), SQLite DB Credential Extraction, MD5 Hash Cracking, SSH Access, Node.js Inspector Debugger Exploitation (Root) | Pending | Rooted |
| WingData | ![]() |
Linux | Wing FTP Server, Anonymous FTP Access, Directory Traversal, SSH Private Key Theft, Sudo CVE-2021-3156 (Baron Samedit), Root Privilege Escalation | Pending | Rooted |
This is my web security testing repository, where I document, track, and share my penetration testing labs across different vulnerability categories
Each web vulnerability below links to a dedicated repository containing detailed writeups, methodologies, and attack walkthroughs for every lab I've solved
| Vulnerability Type | Repository |
|---|---|
| Access Control | View Labs → |
| Authentication | View Labs → |
| Business Logic | View Labs → |
| Clickjacking | View Labs → |
| CORS Misconfiguration | View Labs → |
| Cross-Site Request Forgery (CSRF) | View Labs → |
| Cross-Site Scripting (XSS) | View Labs → |
| DOM-Based Vulnerabilities | View Labs → |
| File Upload | View Labs → |
| GraphQL API | View Labs → |
| HTTP Host Header Attacks | View Labs → |
| HTTP Request Smuggling | View Labs → |
| Information Disclosure | View Labs → |
| Insecure Deserialization | View Labs → |
| JSON Web Tokens (JWT) | View Labs → |
| NoSQL Injection | View Labs → |
| OAuth Authentication | View Labs → |
| OS Command Injection | View Labs → |
| Path Traversal | View Labs → |
| Prototype Pollution | View Labs → |
| Race Conditions | View Labs → |
| Server-Side Request Forgery (SSRF) | View Labs → |
| Server-Side Template Injection (SSTI) | View Labs → |
| SQL Injection (SQLi) | View Labs → |
| Web Cache Deception | View Labs → |
| Web Cache Poisoning | View Labs → |
| Web LLM Attacks | View Labs → |
| WebSockets | View Labs → |
| XML External Entity (XXE) | View Labs → |
| API Security Testing | View Labs → |
| Essential Skills | View Labs → |
| Category | Technologies |
|---|---|
| Windows | Active Directory, LDAP, SMB, Kerberos, Group Policy, Powershell, Windows Internals |
| Linux | Unix Privilege Escalation, Kernel Exploits, Systemd, SUID/SGID, Capabilities, Cron Jobs |
| ICS/OT | Modbus, SCADA, PLC Programming, Industrial Protocols, Process Control Security |
| Category | Tools & Techniques |
|---|---|
| Network | Nmap, Rustscan, Masscan, Wireshark, tcpdump, Netcat, Ncat |
| Web | Burp Suite, OWASP ZAP, Gobuster, Dirb, FFUF, Wfuzz, Nikto |
| Active Directory | BloodHound, SharpHound, LDAPSearch, ADRecon, PowerView, CrackMapExec |
| Cloud | AWS CLI, Azure CLI, Cloud Enumeration, Misconfiguration Discovery |
| Category | Techniques |
|---|---|
| Web | SQL Injection, XSS, CSRF, RCE, LFI/RFI, SSRF, Deserialization, SSTI, XXE |
| Network | MITM, Sniffing, Spoofing, ARP Poisoning, DNS Spoofing |
| AD Attacks | Kerberoasting, AS-REP Roasting, RBCD, DCSync, Pass-the-Hash, Pass-the-Ticket, Golden Ticket, Silver Ticket |
| Privilege Escalation | Sudo Abuse, SUID/SGID, Capabilities, Cron Jobs, Docker Escape, Kernel Exploits, Path Hijacking |
| Password Attacks | Hashcat, John the Ripper, Hydra, Medusa, Crunch, Wordlist Generation |
| Category | Capabilities |
|---|---|
| Lateral Movement | WMI, PsExec, SMBExec, WinRM, RDP, SSH Tunneling, Proxychains |
| Persistence | Schedules Tasks, Systemd Services, Registry Run Keys, .bashrc, .profile, SSH Keys |
| Data Exfiltration | FTP, SCP, HTTP(S), DNS Tunneling, ICMP Tunneling |
| Pivoting | SSH Tunneling, Port Forwarding, Socks Proxy, Chisel, Ligolo-ng |
All machines were compromised in authorized environments with explicit permission and writeups are for educational purposes only
"No system is safe and the only secure system is one that is turned off and unplugged"













