Linux

Meow is HTB’s gentlest introduction to penetration testing — a single open Telnet port, no password on the root account, and an immediate lesson in why legacy services are dangerous.

Redeemer proves that sometimes the simplest misconfigurations are the most dangerous — an open Redis instance with no password stands between you and the flag.

Browsed is a devious medium Linux box where you weaponize a Chrome extension upload feature to chain browser automation, bash arithmetic injection, and Python bytecode poisoning into a full root compromise.

A Flask-based XML/XSLT converter with exposed source code, an unsanitized file upload, and a cron-powered RCE — topped off with a fresh needrestart CVE for root.