
Pterodactyl — HackTheBox Season 10 Walkthrough
A Minecraft panel hiding two CVEs and a SUSE-specific PAM trick — Pterodactyl chains a Laravel LFI into code execution, then escalates via a race-condition SUID mount flaw in udisks2.

WingData chains two fresh CVEs — an unauthenticated RCE in Wing FTP Server and a Python tarfile filter bypass via PATH_MAX overflow — into a clean root. Don’t let the ‘Easy’ rating fool you.

MonitorsFour chains a fresh Cacti RCE vulnerability with an exposed Docker API to go from web login to full Windows host compromise — a great lesson in container escape methodology.

Meow is HTB’s gentlest introduction to penetration testing — a single open Telnet port, no password on the root account, and an immediate lesson in why legacy services are dangerous.

Overwatch chains MSSQL linked server credential capture via DNS poisoning with a WCF service PowerShell injection to go from unauthenticated to Domain Admin on a Windows Server 2022 DC.

Browsed is a devious medium Linux box where you weaponize a Chrome extension upload feature to chain browser automation, bash arithmetic injection, and Python bytecode poisoning into a full root compromise.

A Flask-based XML/XSLT converter with exposed source code, an unsanitized file upload, and a cron-powered RCE — topped off with a fresh needrestart CVE for root.