Linux

Redeemer proves that sometimes the simplest misconfigurations are the most dangerous — an open Redis instance with no password stands between you and the flag.

Browsed is a devious medium Linux box where you weaponize a Chrome extension upload feature to chain browser automation, bash arithmetic injection, and Python bytecode poisoning into a full root compromise.

A Flask-based XML/XSLT converter with exposed source code, an unsanitized file upload, and a cron-powered RCE — topped off with a fresh needrestart CVE for root.