Skip to content

anxs3c/Machines

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 

Repository files navigation

Typing SVG

A list of every machine I have rooted, compromised, or reconstructed. Each entry includes attack path, key techniques, and writeup link


Machine Avatar Focus Key Techniques Writeup Status
Support WindowsAD SMB Access, Binary Analysis, XOR Decryption, LDAP Enumeration, RBCD, DCSync Read Rooted
Eighteen WindowsAD MSSQL Impersonation, Password Spraying, BadSuccessor Attack, dMSA Creation Pending Rooted
Abducted Linux Samba CVE-2026-4480 (Print Job Injection), rclone Password Decryption, Password Reuse, SMB Wide Links & Symlink Traversal, SSH Key Injection, systemd Drop-in Exploitation (operators group) Pending Rooted
Snapped Linux Snapd LPE (CVE-2026-3888), Race Condition Exploitation, systemd-tmpfiles Timer Abuse, Dynamic Loader Overwrite, SUID Bash Persistence Pending Rooted
TwoMillion Linux JS Deobfuscation, API Enumeration, PrivEsc, OS Command Injection, Reverse Shell, .env, Lateral Movement, CVE-2023-0386. OverlayFS/FUSE Kernel Exploit Read Rooted
SeaPanda ICS / OT USB Infection, Process Hollowing, SSH Lateral Movement, Splunk, Modbus Manipulation, PLC Logic Deployment Read Reconstructed
Expressway Linux IKE/IPsec Discovery, PSK Cracking, Sudo Chroot Bypass (CVE-2025-32463) Pending Rooted
Editor Linux XWiki RCE (CVE-2025-24893), Password Grep, SSH Access, ndsudo Privilege Escalation, PATH Hijacking via CVE-2024-32019 Read Rooted
Facts Linux Camaleon CMS (v2.9.0), CVE-2025-2304 (Privilege Escalation to Admin), CVE-2024-46987 (Arbitrary File Read), SSH Private Key Extraction, Facter Custom Directory RCE (sudo) Pending Rooted
Devvortex Linux Virtual Host Discovery, Joomla CVE-2023-23752 (Information Disclosure), MySQL Database Access, Password Cracking, CVE-2023-1326 (apport-cli Privilege Escalation) Pending Rooted
Lame Linux SMB Enumeration, Samba CVE-2007-2447 (Username Map Script), Metasploit Exploitation, Root Shell via usermap_script Pending Rooted
Cap Linux IDOR, PCAP Traffic Analysis, Credential Reuse, Linux Capabilities, Python setuid Exploit Read Rooted
CCTV Linux ZoneMinder Default Credentials, Time-based Blind SQLi (CVE-2024-51482), Bcrypt Hash Cracking, SSH Access, Internal Service Discovery, motionEye Admin Credential Extraction, Command Injection via motionEye (CVE-2025-60787) Pending Rooted
Reactor Linux Next.js RCE (CVE-2025-55182 / React2Shell), SQLite DB Credential Extraction, MD5 Hash Cracking, SSH Access, Node.js Inspector Debugger Exploitation (Root) Pending Rooted
WingData Linux Wing FTP Server, Anonymous FTP Access, Directory Traversal, SSH Private Key Theft, Sudo CVE-2021-3156 (Baron Samedit), Root Privilege Escalation Pending Rooted




Web Security & Penetration Testing

This is my web security testing repository, where I document, track, and share my penetration testing labs across different vulnerability categories

Each web vulnerability below links to a dedicated repository containing detailed writeups, methodologies, and attack walkthroughs for every lab I've solved


Vulnerability Type Repository
Access Control View Labs →
Authentication View Labs →
Business Logic View Labs →
Clickjacking View Labs →
CORS Misconfiguration View Labs →
Cross-Site Request Forgery (CSRF) View Labs →
Cross-Site Scripting (XSS) View Labs →
DOM-Based Vulnerabilities View Labs →
File Upload View Labs →
GraphQL API View Labs →
HTTP Host Header Attacks View Labs →
HTTP Request Smuggling View Labs →
Information Disclosure View Labs →
Insecure Deserialization View Labs →
JSON Web Tokens (JWT) View Labs →
NoSQL Injection View Labs →
OAuth Authentication View Labs →
OS Command Injection View Labs →
Path Traversal View Labs →
Prototype Pollution View Labs →
Race Conditions View Labs →
Server-Side Request Forgery (SSRF) View Labs →
Server-Side Template Injection (SSTI) View Labs →
SQL Injection (SQLi) View Labs →
Web Cache Deception View Labs →
Web Cache Poisoning View Labs →
Web LLM Attacks View Labs →
WebSockets View Labs →
XML External Entity (XXE) View Labs →
API Security Testing View Labs →
Essential Skills View Labs →



Skills & Expertise

> Operating Systems

Category Technologies
Windows Active Directory, LDAP, SMB, Kerberos, Group Policy, Powershell, Windows Internals
Linux Unix Privilege Escalation, Kernel Exploits, Systemd, SUID/SGID, Capabilities, Cron Jobs
ICS/OT Modbus, SCADA, PLC Programming, Industrial Protocols, Process Control Security

> Reconnaissance & Enumeration

Category Tools & Techniques
Network Nmap, Rustscan, Masscan, Wireshark, tcpdump, Netcat, Ncat
Web Burp Suite, OWASP ZAP, Gobuster, Dirb, FFUF, Wfuzz, Nikto
Active Directory BloodHound, SharpHound, LDAPSearch, ADRecon, PowerView, CrackMapExec
Cloud AWS CLI, Azure CLI, Cloud Enumeration, Misconfiguration Discovery

> Exploitation

Category Techniques
Web SQL Injection, XSS, CSRF, RCE, LFI/RFI, SSRF, Deserialization, SSTI, XXE
Network MITM, Sniffing, Spoofing, ARP Poisoning, DNS Spoofing
AD Attacks Kerberoasting, AS-REP Roasting, RBCD, DCSync, Pass-the-Hash, Pass-the-Ticket, Golden Ticket, Silver Ticket
Privilege Escalation Sudo Abuse, SUID/SGID, Capabilities, Cron Jobs, Docker Escape, Kernel Exploits, Path Hijacking
Password Attacks Hashcat, John the Ripper, Hydra, Medusa, Crunch, Wordlist Generation

> Post-Exploitation

Category Capabilities
Lateral Movement WMI, PsExec, SMBExec, WinRM, RDP, SSH Tunneling, Proxychains
Persistence Schedules Tasks, Systemd Services, Registry Run Keys, .bashrc, .profile, SSH Keys
Data Exfiltration FTP, SCP, HTTP(S), DNS Tunneling, ICMP Tunneling
Pivoting SSH Tunneling, Port Forwarding, Socks Proxy, Chisel, Ligolo-ng



Disclaimer

All machines were compromised in authorized environments with explicit permission and writeups are for educational purposes only



"No system is safe and the only secure system is one that is turned off and unplugged"