- Every machine has its own folder were the write-up is stored.
- In some cases there are alternative-ways, that are shorter write ups, that have another way to complete certain parts of the boxes.
- If custom scripts are mentioned in the write up, it can also be found in the corresponding folder.
- The file tables-of-boxes.md is similar to README.md but with more information:
- Difficulty Rating on Hack The Box
- State of my personal completion
- Alternative way exists in this repository
More write-ups will come soon.
Most commands and the output in the write-ups are in text form, which makes this repository easy to search though for certain keywords.
Clone the repository and go into the folder and search with grep and the arguments for case-insensitive (-i) and show the filename (-R).
Example: Search all write-ups were the tool sqlmap is used
grep -iR "sqlmap" */*.md
Example: Search all write-ups were CSRF is mentioned
grep -iR "csrf" */*.md
Example: Search all write-ups were port 8080 is open
grep -iR "8080/tcp" */*.md
- Stacked
- Retired on 19th March 2022
- OS: Linux
- Tags: Cross-Site Request Forgery (CSRF), CVE (LocalStack), AWS S3 Buckets, Docker
- Ransom
- Retired on 15th March 2022
- OS: Linux
- Tags: PHP Type Juggling, ZipCrypto Known-Plaintext Attack
- Devzat
- Retired on 12th March 2022
- OS: Linux
- Tags: Go Code Analysis, InfluxDB, JSON Web Token (JWT)
- Driver
- Retired on 26th February 2022
- OS: Windows
- Tags: SCF File Attack, CVE (Ricoh Printer), PrintNightmare Vulnerability
- Bolt
- Retired on 19th February 2022
- OS: Linux
- Tags: Docker Image Forensics, Server Side Template Injection (SSTI), PGP
- Pressed
- Retired on 5th February 2022
- OS: Linux
- Tags: WordPress XML-RPC, Firewall Bypass, CVE (PolKit pkexec)
- Horizontall
- Retired on 5th February 2022
- OS: Linux
- Tags: CVE (Strapi.io), CVE (Laravel Debug Mode)
- Anubis
- Retired on 29th January 2022
- OS: Windows
- Tags: Server Side Template Injection (SSTI), CVE (Jamovi), Certified Pre-Owned (ADCS)
- Forge
- Retired on 22nd January 2022
- OS: Linux
- Tags: Server Side Request Forgery (SSRF), Python Code Analysis
- Previse
- Retired on 8th January 2022
- OS: Linux
- Tags: Execute-After-Redirect (EAR), Insecure Direct Object Reference (IDOR)
- LogForge
- Retired on 23rd December 2021
- OS: Linux
- Tags: Log4Shell, Java Debugging
- Writer
- Retired on 11th December 2021
- OS: Linux
- Tags: SQL Injection, Python Flask, Postfix, Advanced Packaging Tools (APT)
- Pikaboo
- Retired on 4th December 2021
- OS: Linux
- Tags: Path Traversal, Local File Inclusion (LFI), Log Poisoning, Perl Vulnerability
- Intelligence
- Retired on 27th November 2021
- OS: Windows
- Tags: Active Directory, BloodHound, Group Managed Service Account, Silver Ticket
- Union
- Retired on 23rd November 2021
- OS: Linux
- Tags: SQL Injection, Command Injection
- BountyHunter
- Retired on 20th November 2021
- OS: Linux
- Tags: XML External Entity (XXE), Python Code Analysis
- Seal
- Retired on 13th November 2021
- OS: Linux
- Tags: Gitbucket, Server Side Request Forgery (SSRF), Ansible
- Explore
- Retired on 30th October 2021
- OS: Android
- Tags: CVE (ES File Explorer), Android Debug Bridge (adb)
- Spooktrol
- Retired on 26th October 2021
- OS: Linux
- Tags: Command & Control Server (C2), Reverse Engineering, Local File Inclusion (LFI)
- Spider
- Retired on 23rd October 2021
- OS: Linux
- Tags: Server Side Template Injection (SSTI), SQL Injection, XML External Entity (XXE), Bypass Web Application Firewall
- Dynstr
- Retired on 16th October 2021
- OS: Linux
- Tags: Dynamic DNS
- Monitors
- Retired on 9th October 2021
- OS: Linux
- Tags: Remote File Inclusion (WordPress), SQL Injection (Cacti), Java Deserialization (Apache OFBiz), Linux capabilities
- Cap
- Retired on 2nd October 2021
- OS: Linux
- Tags: PCAP Analysis, Linux capabilities
- Jarmis
- Retired on 27th September 2021
- OS: Linux
- Tags: TLS Fingerprinting, JARM, Server Side Request Forgery (SSRF), OMIGOD Vulnerability
- Pit
- Retired on 25th September 2021
- OS: Linux
- Tags: SNMP, CVE (SeedDMS), SELinux
- Sink
- Retired on 18th September 2021
- OS: Linux
- Tags: HTTP Request Smuggling, Gitea, AWS Secrets & Keys
- Schooled
- Retired on 11th September 2021
- OS: FreeBSD
- Tags: CVE (Moodle), Cross-Site-Scripting (XSS), Package Manager pkg
- Unobtainium
- Retired on 4th September 2021
- OS: Linux
- Tags: Electron Application, Local File Inclusion (LFI), Prototype Pollution, Kubernetes
- Gobox
- Retired on 30th August 2021
- OS: Linux
- Tags: Server Side Template Injection (SSTI), Golang, AWS S3 Buckets
- Knife
- Retired on 28th August 2021
- OS: Linux
- Tags: PHP Backdoor, GTFOBins (knife)
- Love
- Retired on 7th August 2021
- OS: Windows
- Tags: Server Side Request Forgery (SSRF)
- TheNotebook
- Retired on 31st July 2021
- OS: Linux
- Tags: JSON Web Token (JWT), CVE (Docker)
- Armageddon
- Retired on 24th July 2021
- OS: Linux
- Tags: CVE (Drupal), Snap
- Breadcrumbs
- Retired on 17th July 2021
- OS: Windows
- Tags: Local File Inclusion (LFI), JSON Web Token (JWT), Sticky Notes, Reverse Engineering, SQL Injection
- Atom
- Retired on 10th July 2021
- OS: Windows
- Tags: Reverse Engineering Electron Application, Redis
- Ophiuchi
- Retired on 3rd July 2021
- OS: Linux
- Tags: SnakeYAML, Golang WebAssembly
- Spectra
- Retired on 26th June 2021
- OS: chromeOS
- Tags: WordPress, Upstart
- Tentacle
- Retired on 19th June 2021
- OS: Linux
- Tags: Proxy connections, CVE (OpenSMTPD), Linux KDC, Kerberos (k5login, keytab)
- Tenet
- Retired on 12th June 2021
- OS: Linux
- Tags: WordPress, PHP Deserialization, Race Condition Vulnerability, Inotify
- ScriptKiddie
- Retired on 5th June 2021
- OS: Linux
- Tags: CVE (Msfvenom), Command Injection, Msfconsole
- Cereal
- Retired on 29th May 2021
- OS: Windows
- Tags: .NET Code Analysis, JWT Token, Deserialization, Cross-Site-Scripting (XSS), GraphQL, Server Side Request Forgery (SSRF)
- Delivery
- Retired on 22nd May 2021
- OS: Linux
- Tags: Help Desk, Mattermost, Brute-Force su
- Ready
- Retired on 15th May 2021
- OS: Linux
- Tags: GitLab, Server Side Request Forgery (SSRF), Docker
- Sharp
- Retired on 1st May 2021
- OS: Windows
- Tags: .NET Binary Analysis, .NET Remoting, Windows Communication Foundation
- Bucket
- Retired on 24th April 2021
- OS: Linux
- Tags: AWS S3 Buckets, DynamoDB, PD4ML
- Laboratory
- Retired on 17th April 2021
- OS: Linux
- Tags: CVE (GitLab), Path Injection
- Time
- Retired on 3rd April 2021
- OS: Linux
- Tags: Java Library (Jackson), Systemd Timer
- Luanne
- Retired on 27th March 2021
- OS: NetBSD
- Tags: Supervisor Process Manager, API Fuzzing
- Reel2
- Retired on 13th March 2021
- OS: Windows
- Tags: Outlook Web App (OWA), Password Spraying, Phishing, PowerShell Constrained Language, Just Enough Administration (JEA)
- Passage
- Retired on 6th March 2021
- OS: Linux
- Tags: CVE (CuteNews), USBCreator
- Academy
- Retired on 27th February 2021
- OS: Linux
- Tags: PHP Laravel, Brute-Force SSH, Auditd Log Files
- Feline
- Retired on 20th February 2021
- OS: Linux
- Tags: Java Deserialization, Tomcat, CVE (SaltStack), Docker Engine API
- Jewel
- Retired on 13th February 2021
- OS: Linux
- Tags: Ruby on Rails, Multi-Factor Authentication
- Doctor
- Retired on 6th February 2021
- OS: Linux
- Tags: Server-Side Template Injection (SSTI), Log Files, Splunk Vulnerability
- Worker
- Retired on 30th January 2021
- OS: Windows
- Tags: Apache Subversion, Azure DevOps
- Compromised
- Retired on 23rd January 2021
- OS: Linux
- Tags: CVE (LiteCart), Bypass PHP disabled functions, Persistence (MySQL, strace, LD_PRELOAD, PAM), Reverse Engineering
- Omni
- Retired on 9th January 2021
- OS: Windows IoT
- Tags: Windows IoT, SirepRAT, Decrypting Files with PowerShell
- OpenKeyS
- Retired on 12th December 2020
- OS: OpenBSD
- Tags: Vim Swap File, CVE (OpenBSD)
- Unbalanced
- Retired on 5th December 2020
- OS: Linux
- Tags: Cracking EncFS, Proxy connections, XPATH Injection, CVE (Pi-hole)
- SneakyMailer
- Retired on 28th November 2020
- OS: Linux
- Tags: Phishing, PyPI Server
- Buff
- Retired on 21st November 2020
- OS: Windows
- Tags: CVE (Gym Management Software), CVE (CloudMe Sync)
- Tabby
- Retired on 7th November 2020
- OS: Linux
- Tags: Local File Inclusion (LFI), Tomcat WAR file, Cracking ZIP, LXC (Linux Containers)
- Fuse
- Retired on 31st October 2020
- OS: Windows
- Tags: Active Directory, Custom Password List, Printer (Capcom Driver)
- Blunder
- Retired on 17th October 2020
- OS: Linux
- Tags: CVE (Bludit CMS), Bypass Brute-Force Restrictions, Sudo Vulnerability
- Cache
- Retired on 10th October 2020
- OS: Linux
- Tags: OpenEMR, SQL Injection, Memcached, Docker
- Blackfield
- Retired on 3rd October 2020
- OS: Windows
- Tags: Active Directory, AS-REP Roasting, BloodHound, LSASS Dump, NTDS.dit
- Admirer
- Retired on 26th September 2020
- OS: Linux
- Tags: Adminer, Local File Inclusion (LFI), Python Library Hijacking
- Travel
- Retired on 12th September 2020
- OS: Linux
- Tags: WordPress, Server Side Request Forgery (SSRF), PHP Deserialization, Memcached, LDAP
- Remote
- Retired on 5th September 2020
- OS: Windows
- Tags: CVE (Umbraco CMS), NFS
- Quick
- Retired on 29th August 2020
- OS: Linux
- Tags: QUIC Transport Protocol, HTTP/3, XXE on Esigate, Symlink Race
- Magic
- Retired on 22nd August 2020
- OS: Linux
- Tags: SQL Injection, Magic Bytes, Path Injection
- Traceback
- Retired on 15th August 2020
- OS: Linux
- Tags: Threat Hunting, Lua Scripting, MOTD Privilege Escalation
- Oouch
- Retired on 1st August 2020
- OS: Linux
- Tags: OAuth, D-Bus, Containers, uWSGI
- Cascade
- Retired on 25th July 2020
- OS: Windows
- Tags: LDAP, .NET Binary Analysis, Active Directory Recycle Bin
- Sauna
- Retired on 18th July 2020
- OS: Windows
- Tags: Active Directory, AS-REP Roasting, BloodHound, DCSync, Pass-The-Hash
- Book
- Retired on 11th July 2020
- OS: Linux
- Tags: SQL Truncation, Logrotten (Logrotate Vulnerability)
- ServMon
- Retired on 20th June 2020
- OS: Windows
- Tags: CVE (NVMS-1000), NSClient++
- Monteverde
- Retired on 13th June 2020
- OS: Windows
- Tags: Password Spraying, Azure AD Connect
- Nest
- Retired on 6th June 2020
- OS: Windows
- Tags: Enumerating SMB Shares, Visual Basic Code Analysis, Alternate Data Streams, .NET Binary Analysis
- Resolute
- Retired on 30th May 2020
- OS: Windows
- Tags: Password Spraying, Active Directory, DNS Admin Vulnerability
- Obscurity
- Retired on 9th May 2020
- OS: Linux
- Tags: Python Code Analysis, Known-Plaintext Attack
- OpenAdmin
- Retired on 2nd May 2020
- OS: Linux
- Tags: CVE (OpenNetAdmin), Password Reuse
- Control
- Retired on 25th April 2020
- OS: Windows
- Tags: SQL Injection, PowerShell History, Windows Services
- Mango
- Retired on 18th April 2020
- OS: Linux
- Tags: MongoDB
- Traverxec
- Retired on 11th April 2020
- OS: Linux
- Tags: CVE (Nostromo), Password Cracking, journalctl
- Registry
- Retired on 4th April 2020
- OS: Linux
- Tags: Docker Registry, CVE (Bolt CMS), Restic
- Forest
- Retired on 21st March 2020
- OS: Windows
- Tags: Active Directory, Password Spraying, SMB Null Session Attack, AS-REP Roasting, DCSync
- Postman
- Retired on 14th March 2020
- OS: Linux
- Tags: Redis, CVE (Webmin)
- Bankrobber
- Retired on 7th March 2020
- OS: Windows
- Tags: Cross-Site-Scripting (XSS), SQL Injection, Cross-Site-Request-Forgery (CSRF), Server Exploitation
- Scavenger
- Retired on 29th February 2020
- OS: Linux
- Tags: SQL Injection, Whois, DNS Zone Transfer, Log and PCAP Analysis, Rootkit Reversing
- Zetta
- Retired on 22nd February 2020
- OS: Linux
- Tags: FTP Bounce Attack, IPv6, rsync, Rsyslog, SQL Injection, PostgreSQL
- Json
- Retired on 15th February 2020
- OS: Windows
- Tags: .NET Deserialization, .NET Binary Analysis
- RE
- Retired on 1st February 2020
- OS: Windows
- Tags: ODS Spreadsheet with Macros, CVE (WinRAR), Ghidra XXE Vulnerability
- AI
- Retired on 25th January 2020
- OS: Linux
- Tags: SQL Injection via Speech-To-Text, Java Debug Wire Protocol (JDWP)
- Player
- Retired on 18th January 2020
- OS: Linux
- Tags: JSON Web Token (JWT), FFmpeg Vulnerability, CVE (SSH), PHP Deserialization Vulnerability
- Bitlab
- Retired on 11th January 2020
- OS: Linux
- Tags: GitLab, Git Hooks, PostgreSQL, Windows Binary Analysis
- Craft
- Retired on 4th January 2020
- OS: Linux
- Tags: Gogs (Git), Searching through Code, HashiCorp Vault Token
- Wall
- Retired on 7th December 2019
- OS: Linux
- Tags: CVE (Centreon), Decompile Python Binary, Screen Privilege Escalation
- Heist
- Retired on 30th November 2019
- OS: Windows
- Tags: Cisco Password Cracking, Password Spraying, SID Brute-Force, Process Dump
- Chainsaw
- Retired on 23rd November 2019
- OS: Linux
- Tags: Solidity / Smart Contracts, InterPlanetary File System (IPFS), Slack Space
- Networked
- Retired on 16th November 2019
- OS: Linux
- Tags: Arbitrary File Upload, Cronjob, Code Execution through Network Scripts
- Jarvis
- Retired on 9th November 2019
- OS: Linux
- Tags: SQL Injection, phpMyAdmin
- Haystack
- Retired on 2nd November 2019
- OS: Linux
- Tags: Port forwarding, Elastic Stack
- Safe
- Retired on 26th October 2019
- OS: Linux
- Tags: Return-Oriented Programming (Buffer Overflow), KeePass database cracking
- Ellingson
- Retired on 19th October 2019
- OS: Linux
- Tags: Python Flask / Werkzeug, Shadow file, Binary Exploitation (ROP Chain)
- Writeup
- Retired on 12th October 2019
- OS: Linux
- Tags: CVE (CMS Made Simple), Relative path in Crontab
- Ghoul
- Retired on 5th October 2019
- OS: Linux
- Tags: Zip Slip Vulnerability, Docker, Pivoting, Gogs (Git), Git Hooks, SSH Agent Forwarding
- SwagShop
- Retired on 28th September 2019
- OS: Linux
- Tags: CVE (Magento)
- Luke
- Retired on 14th September 2019
- OS: Linux
- Tags: JSON Web Token (JWT), Ajenti
- Bastion
- Retired on 7th September 2019
- OS: Windows
- Tags: VHD files, mRemoteNG
- OneTwoSeven
- Retired on 31st August 2019
- OS: Linux
- Tags: Port forwarding, Advanced Packaging Tools (APT)
- Unattended
- Retired on 24th August 2019
- OS: Linux
- Tags: SQL Injection
- Helpline
- Retired on 17th August 2019
- OS: Windows
- Tags: CVE (ManageEngine ServiceDesk), Encrypted File System
- Arkham
- Retired on 10th August 2019
- OS: Windows
- Tags: LUKS encryption, Java payloads, UAC bypassing
- Fortune
- Retired on 3rd August 2019
- OS: OpenBSD
- Tags: SSL/TLS certificates
- LeCasaDePapel
- Retired on 27th July 2019
- OS: Linux
- Tags: SSL/TLS certificates
- CTF
- Retired on 20th July 2019
- OS: Linux
- Tags: One-Time-Pad, LDAP
- FriendZone
- Retired on 13th July 2019
- OS: Linux
- Tags: DNS Enumeration
- Netmon
- Retired on 29th June 2019
- OS: Windows
- Tags: CVE (PRTG Network Monitor)
- Querier
- Retired on 22nd June 2019
- OS: Windows
- Tags: MS SQL, GPO password
- Help
- Retired on 8th June 2019
- OS: Linux
- Tags: SQL Injection, Arbitrary File Upload
- Sizzle
- Retired on 1st June 2019
- OS: Windows
- Tags: SCF File Attack, Certificate Authority, Kerberoast, BloodHound, C2 Framework Covenant
- Chaos
- Retired on 25th May 2019
- OS: Linux
- Tags: Password reuse, IMAP, Restricted shell, Firefox passwords
- Conceal
- Retired on 18th May 2019
- OS: Windows
- Tags: SNMP, IKE/IPSec
- Lightweight
- Retired on 11th May 2019
- OS: Linux
- Tags: LDAP, Traffic sniffing, Linux capabilities
- Irked
- Retired on 27th April 2019
- OS: Linux
- Tags: Internet Relay Chat (IRC), Steganography
- Teacher
- Retired on 20th April 2019
- OS: Linux
- Tags: CVE (Moodle), Cronjobs
- RedCross
- Retired on 13th April 2019
- OS: Linux
- Tags: SQL Injection, Cross-Site-Scripting (XSS), Command Injection, CVE (Haraka), PostgreSQL, Buffer Overflow
- Vault
- Retired on 6th April 2019
- OS: Linux
- Tags: Pivoting, Port Forwarding, GPG
- Curling
- Retired on 30th March 2019
- OS: Linux
- Tags: Custom Word List, Nested encoding, cURL Configuration File
- Frolic
- Retired on 23rd March 2019
- OS: Linux
- Tags: Decoding different Encodings, CVE (playSMS), Binary Exploitation
- Carrier
- Retired on 16th March 2019
- OS: Linux
- Tags: Border Gateway Protocol (BGP) Hijack
- Access
- Retired on 2nd March 2019
- OS: Windows
- Tags: Microsoft Access Database, Stored Windows Credentials, Runas
- Zipper
- Retired on 23rd February 2019
- OS: Linux
- Tags: Zabbix, Systemd timer
- Giddy
- Retired on 16th February 2019
- OS: Windows
- Tags: SQL Injection, CVE (Ubiquiti UniFi Video), Bypass AppLocker & Anti-Malware
- Ypuffy
- Retired on 9th February 2019
- OS: OpenBSD
- Tags: LDAP, SSH Certificate Authority
- Dab
- Retired on 2nd February 2019
- OS: Linux
- Tags: Fuzzing, Memcached, SSH Enumeration, Reverse Engineering
- SecNotes
- Retired on 19th January 2019
- OS: Windows
- Tags: Cross-Site-Request-Forgery (CSRF)
- Oz
- Retired on 12th January 2019
- OS: Linux
- Tags: Web API, SQL Injection, Server Side Template Injection (SSTI), Port Knocking, Docker (Portainer)
- Mischief
- Retired on 5th January 2019
- OS: Linux
- Tags: SNMP, IPv6, ICMP
- Waldo
- Retired on 15th December 2018
- OS: Linux
- Tags: Directory Traversal, Docker, Restricted bash, Linux capabilities
- Active
- Retired on 8th December 2018
- OS: Windows
- Tags: Active Directory, GPO password, Kerberoast
- Hawk
- Retired on 1st December 2018
- OS: Linux
- Tags: Drupal, Decrypt OpenSSL, H2 Java SQL Database
- Jerry
- Retired on 17th November 2018
- OS: Windows
- Tags: Tomcat WAR file
- Reel
- Retired on 10th November 2018
- OS: Windows
- Tags: Phishing, Active Directory, BloodHound
- Dropzone
- Retired on 3rd November 2018
- OS: Windows
- Tags: TFTP, Manage Object Format (MOF), Alternate Data Streams
- Bounty
- Retired on 27th October 2018
- OS: Windows
- Tags: IIS web.config, CVE
- TartarSauce
- Retired on 20th October 2018
- OS: Linux
- Tags: WordPress, Remote File Inclusion (RFI), Tar, Systemd timer
- DevOops
- Retired on 13th October 2018
- OS: Linux
- Tags: XML External Entity (XXE), Python pickle, Git
- Sunday
- Retired on 29th September 2018
- OS: Solaris
- Tags: Finger, Shadow file, Wget
- Olympus
- Retired on 22nd September 2018
- OS: Linux
- Tags: Xdebug, Decipher Wireless Traffic, Port Knocking, Docker
- Canape
- Retired on 15th September 2018
- OS: Linux
- Tags: Git, Python pickle, CouchDB, pip
- Poison
- Retired on 8th September 2018
- OS: FreeBSD
- Tags: Local File Inclusion (LFI), Log Poisoning, VNC
- Stratosphere
- Retired on 1st September 2018
- OS: Linux
- Tags: CVE (Apache Struts), Forward shell, Python module attack
- Celestial
- Retired on 25th August 2018
- OS: Linux
- Tags: Node.js Deserialization attack, Cronjobs
- Silo
- Retired on 4th August 2018
- OS: Windows
- Tags: Oracle Database, ODAT, Windows Memory Dump, Volatility, Pass-The-Hash
- Valentine
- Retired on 28th July 2018
- OS: Linux
- Tags: Heartbleed, tmux
- Aragog
- Retired on 21st July 2018
- OS: Linux
- Tags: XML External Entity (XXE), Local File Inclusion (LFI), WordPress configuration
- Bart
- Retired on 14th July 2018
- OS: Windows
- Tags: Log Poisoning, Autologon Credentials
- Nibbles
- Retired on 30th June 2018
- OS: Linux
- Tags: CVE (Nibbleblog CMS)
- Falafel
- Retired on 23rd June 2018
- OS: Linux
- Tags: SQL Injection, PHP Type Juggling, Wget character length, Linux System Groups
- Chatterbox
- Retired on 16th June 2018
- OS: Windows
- Tags: CVE (AChat chat system)
- CrimeStoppers
- Retired on 2nd June 2018
- OS: Linux
- Tags: Local File Inclusion (LFI), PHP wrapper, Thunderbird, Reverse Engineering
- Tally
- Retired on 28th May 2018
- OS: Windows
- Tags: SharePoint, KeePass database cracking, MS SQL, Scheduled task
- Jeeves
- Retired on 19th May 2018
- OS: Windows
- Tags: Jenkins, KeePass database cracking, Alternate Data Streams
- FluxCapacitor
- Retired on 12th May 2018
- OS: Linux
- Tags: Web Application Fuzzing
- Bashed
- Retired on 28th April 2018
- OS: Linux
- Tags: Webshell
- Ariekei
- Retired on 21st April 2018
- OS: Linux
- Tags: Network Pivoting, ImageTragick, Shellshock, Docker
- Inception
- Retired on 14th April 2018
- OS: Linux
- Tags: Arbitrary File Read, WebDAV, Proxy connections, Host and guest system, Advanced Packaging Tools (APT)
- Sense
- Retired on 24th March 2018
- OS: FreeBSD
- Tags: CVE (pfSense), Bypassing character filter
- Enterprise
- Retired on 17th March 2018
- OS: Linux
- Tags: SQL Injection (WordPress), Joomla, Pivoting, Binary Exploitation
- Kotarak
- Retired on 10th March 2018
- OS: Linux
- Tags: Server Side Request Forgery (SSRF), Tomcat WAR file, ntds.dit Cracking, Pivoting, Wget Exploitation
- Node
- Retired on 3rd March 2018
- OS: Linux
- Tags: Node.js, ZIP password cracking, MongoDB, Binary Exploitation, Return-to-libc Attack
- Mantis
- Retired on 24th February 2018
- OS: Windows
- Tags: Active Directory, Kerberos Forging Attack
- Shocker
- Retired on 17th February 2018
- OS: Linux
- Tags: CVE (Shellshock)
- Mirai
- Retired on 10th February 2018
- OS: Linux
- Tags: Default credentials
- Shrek
- Retired on 3rd February 2018
- OS: Linux
- Tags: Audio Steganography, Decrypting RSA key, Abusing Wildcards
- SolidState
- Retired on 27th January 2018
- OS: Linux
- Tags: Mail, Restricted bash
- Calamity
- Retired on 20th January 2018
- OS: Linux
- Tags: Audio Steganography, Exploiting LXC (Linux Containers)
- Blue
- Retired on 13th January 2018
- OS: Windows
- Tags: CVE (EternalBlue)
- Nineveh
- Retired on 16th December 2017
- OS: Linux
- Tags: Online Password Cracking, phpLiteAdmin, Port Knocking, chkrootkit
- Blocky
- Retired on 9th December 2017
- OS: Linux
- Tags: Java files
- Europa
- Retired on 2nd December 2017
- OS: Linux
- Tags: PHP Regular Expressions, Cronjobs
- Apocalyst
- Retired on 25th November 2017
- OS: Linux
- Tags: Custom Password Lists, WordPress
- Holiday
- Retired on 18th November 2017
- OS: Linux
- Tags: SQL Injection, Cross-Site-Scripting (XSS), Node Package Manager (npm)
- Sneaky
- Retired on 11th November 2017
- OS: Linux
- Tags: SNMP, IPv6, Binary Exploitation
- Charon
- Retired on 4th November 2017
- OS: Linux
- Tags: SQL Injection, RSA decryption, Binary Exploitation
- Optimum
- Retired on 28th October 2017
- OS: Windows
- Tags: CVE (HttpFileServer)
- Grandpa
- Retired on 21st October 2017
- OS: Windows
- Tags: CVE (WebDAV)
- Granny
- Retired on 21st October 2017
- OS: Windows
- Tags: WebDAV, CVE
- Devel
- Retired on 14th October 2017
- OS: Windows
- Tags: CVE
- Lazy
- Retired on 7th October 2017
- OS: Linux
- Tags: Cookie bit flipping, Binary Analysis
- Haircut
- Retired on 30th September 2017
- OS: Linux
- Tags: Exploiting cURL, Screen command
- Bank
- Retired on 22nd September 2017
- OS: Linux
- Tags: DNS, Arbitrary File Upload
- Joker
- Retired on 22nd September 2017
- OS: Linux
- Tags: Proxy connections, Sudo exploit, Dangers of wildcards
- Bastard
- Retired on 16th September 2017
- OS: Windows
- Tags: Drupal, PHP serialization vulnerability
- Beep
- Retired on 1st September 2017
- OS: Linux
- Tags: Elastix PBX, Local File Inclusion (LFI), Shellshock
- Brainfuck
- Retired on 26th August 2017
- OS: Linux
- Tags: WordPress, Keyed Vigenere Cipher, RSA decryption
- Cronos
- Retired on 5th August 2017
- OS: Linux
- Tags: DNS, Web Exploitation, Laravel
- Tenten
- Retired on 16th July 2017
- OS: Linux
- Tags: CVE (WordPress), Steganography
- Arctic
- Retired on 7th July 2017
- OS: Windows
- Tags: CVE (Adobe Coldfusion)
- October
- Retired on 1st July 2017
- OS: Linux
- Tags: Binary Exploitation, Return-to-libc Attack
- Popcorn
- Retired on 25th June 2017
- OS: Linux
- Tags: Unrestricted File Upload, CVE (MOTD)
- Legacy
- Released on 15th March 2017
- OS: Windows
- Tags: CVE (Windows XP)
- Lame
- Released on 14th March 2017
- OS: Linux
- Tags: CVE (vsFTPd)