Retired Machines

Gavel chains an exposed git repo, a subtle PDO prepared statement SQL injection, and a creative PHP sandbox escape — overwriting the php.ini from inside the sandbox itself — to reach root.

AirTouch is a unique HTB medium box where you pivot through three network segments entirely over WiFi — cracking WPA-PSK, stealing session cookies from decrypted traffic, and pulling off a real-cert evil twin attack to capture MSCHAPv2 credentials.

Eighteen is a Windows Server 2025 Domain Controller box that chains MSSQL impersonation, Werkzeug hash cracking, and the newly-disclosed BadSuccessor vulnerability (CVE-2025-53779) to achieve full domain compromise — a rare chance to exploit a live DC in a lab environment.

MonitorsFour chains a fresh Cacti RCE vulnerability with an exposed Docker API to go from web login to full Windows host compromise — a great lesson in container escape methodology.