Windows

An Insane-rated Windows box chaining AngularJS CSTI, a subtle OAuth logical flaw, SQLite’s load_extension for DLL-based RCE, Edge DPAPI credential decryption, and .NET AppDomainManager injection to reach SYSTEM.

Fries is a Hard Windows box that takes you through a dense multi-layer attack chain: credential leaks in Gitea, authenticated RCE in pgAdmin, Docker CA key theft, LDAP credential poisoning, and finally ADCS certificate abuse to own the domain.

NanoCorp chains a sneaky NTLM capture through a hiring portal’s file upload, Active Directory ACL abuse via BloodHound, and a Checkmk MSI repair privilege escalation — all on a fully patched Windows Server 2022 DC.