CodePartTwo is an Easy Linux machine that features a vulnerable Flask-based web application. Initial web enumeration reveals a JavaScript code editor powered by a vulnerable version of js2py, which...

Puppy is a Medium Difficulty machine that features a non-default SMB share called DEV. With the provided credentials for user levi.james, enumeration of the domain is possible. The enumeration reve...

Fluffy is an easy-difficulty Windows machine designed around an assumed breach scenario, where credentials for a low-privileged user are provided. By exploiting CVE-2025-24071, the credentials of a...

Fixing Kerberos Clock Skew TL;DR: Two commands. Thirty seconds. Back to hacking. The problem You’ve got valid credentials. You’ve got your tooling ready. Then you fire off secretsdump, psex...

Administrator is a medium-difficulty Windows machine designed around a complete domain compromise scenario, where credentials for a low-privileged user are provided. To gain access to the michael a...