Saltar al contenido principal

Documentation Index

Fetch the complete documentation index at: https://rootea.es/llms.txt

Use this file to discover all available pages before exploring further.

Todas las máquinas

Catálogo completo: 203 máquinas retiradas con 615 writeups validados. Cmd+K / Ctrl+K.

Linux (140)

MáquinaDificultadSkillsWriteups
Admirer🟢 FácilInformation Leakage Admirer Exploitation (Abusing LOAD DATA LOCAL Query) Abusin…3
Antique🟢 FácilSNMP Enumeration Network Printer Abuse CUPS Administration Exploitation (ErrorL…3
Backdoor🟢 FácilLocal File Inclusion (LFI) · Remote Code Execution (RCE)3
Bank🟢 FácilTransferencia de zona DNS · SUID binaries · Remote Code Execution (RCE)3
Bashed🟢 FácilAbuso de cron · Abuso de sudo · phpbash (web shell PHP)2
Beep🟢 FácilLocal File Inclusion (LFI) · Shellshock (CVE-2014-6271) · Elastix LFI · Remote Code Execution (RCE)3
Blocky🟢 FácilWordPress Enumeration Information Leakage Analyzing a jar file - JD-Gui + SSH A…3
Blunder🟢 FácilBludit CMS Exploitation Bypassing IP Blocking (X-Forwarded-For Header) Director…3
BountyHunter🟢 FácilXML External Entity3
Delivery🟢 FácilVirtual Hosting Enumeration Abusing Support Ticket System Access to MatterMost…3
Doctor🟢 FácilRemote Code Execution (RCE)3
Frolic🟢 FácilRemote Code Execution (RCE)3
GoodGames🟢 FácilSQL Injection3
Haystack🟢 FácilElasticSearch Enumeration Information Leakage Kibana Enumeration Kibana Exploit…3
Horizontall🟢 FácilInformation Leakage Port Forwarding Strapi CMS Exploitation Laravel Exploitation3
Knife🟢 FácilRemote Code Execution (RCE)3
Laboratory🟢 FácilSUID binaries · Remote Code Execution (RCE)3
Lame🟢 FácilSMB (139/445)4
Late🟢 FácilVirtual Hosting Enumeration Abusing Upload File - Image to Text Flask Utility S…3
Mirai🟢 FácilCredenciales por defecto · USB forensics · Pi-hole credenciales por defecto2
Nibbles🟢 FácilRemote Code Execution (RCE)3
NodeBlog🟢 FácilSQL Injection · XML External Entity3
NunChucks🟢 FácilNodeJS SSTI (Server Side Template Injection) AppArmor Profile Bypass (Privilege…3
OpenSource🟢 FácilLocal File Inclusion (LFI) · Remote Code Execution (RCE)3
Pandora🟢 FácilRemote Code Execution (RCE) · SQL Injection3
Paper🟢 FácilInformation Leakage Abussing WordPress - Unauthenticated View Private/Draft Pos…3
Postman🟢 FácilRedis Enumeration Redis Exploitation - Write SSH Key Webmin Exploitation - Pyth…3
RouterSpace🟢 FácillinPEAS · Remote Code Execution (RCE)3
Safe🟢 FácilInformation Leakage Buffer Overflow [x64] [ROP Attacks using PwnTools] [NX Bypa…3
ScriptKiddie🟢 FácilRemote Code Execution (RCE)3
Secret🟢 FácilCode Analysis Abusing an API Json Web Tokens (JWT) Abusing/Leveraging Core Dump…3
Sense🟢 FácilpfSense · Remote Code Execution (RCE)3
Shocker🟢 FácilShellshock (CVE-2014-6271)3
SteamCloud🟢 FácilKubernetes API Enumeration (kubectl) Kubelet API Enumeration (kubeletctl) Comma…3
SwagShop🟢 FácilRemote Code Execution (RCE)3
Tabby🟢 FácilLocal File Inclusion (LFI)3
Teacher🟢 FácilFuzzing de directorios · Remote Code Execution (RCE)3
Traverxec🟢 FácilNostromo Exploitation Abusing Nostromo HomeDirs Configuration Exploiting Journa…3
Valentine🟢 FácilSSL Heartbleed Exploitation Cracking Hashes Tmux Socket File Session [Privilege…3
Validation🟢 FácilSQL Injection · Remote Code Execution (RCE)3
Apocalyst🟡 MedioRemote Code Execution (RCE)3
Aragog🟡 MedioXML External Entity3
Backend🟡 MedioRemote Code Execution (RCE)3
BackendTwo🟡 MedioRemote Code Execution (RCE)3
Bolt🟡 MedioInformation Leakage Subdomain Enumeration SSTI (Server Side Template Injection)…3
Book🟡 MedioCross-Site Scripting (XSS)3
Cache🟡 MedioSQL Injection · Remote Code Execution (RCE)3
Catch🟡 MedioSQL Injection · Remote Code Execution (RCE)3
Celestial🟡 MedioRemote Code Execution (RCE)3
Chaos🟡 MedioRemote Code Execution (RCE)3
Cronos🟡 MedioTransferencia de zona DNS · SQL Injection3
DevOops🟡 MedioXML External Entity3
Devzat🟡 MedioFuzzing de directorios · Remote Code Execution (RCE)3
Enterprise🟡 MedioSQL Injection3
Epsilon🟡 MedioRemote Code Execution (RCE)3
Europa🟡 MedioSQL Injection · Remote Code Execution (RCE)3
Flustered🟡 MedioRemote Code Execution (RCE)3
FluxCapacitor🟡 MedioFuzzing de directorios3
Forge🟡 MedioServer-Side Request Forgery3
Haircut🟡 MedioServer-Side Request Forgery3
Hawk🟡 MedioRemote Code Execution (RCE)3
Inception🟡 MedioLocal File Inclusion (LFI) · WebDAV · Fuzzing de directorios3
Jewel🟡 MedioRemote Code Execution (RCE)3
Lazy🟡 MedioSUID binaries3
Luke🟡 MedioFTP Enumeration Information Leakage Abusing NodeJS Application API Enumeration…3
Mango🟡 MedioSQL Injection · SUID binaries3
Meta🟡 MedioRemote Code Execution (RCE)3
Nineveh🟡 MedioRemote Code Execution (RCE) · Local File Inclusion (LFI)3
Node🟡 MedioSUID binaries3
Noter🟡 MedioFuzzing de directorios · Remote Code Execution (RCE)4
Obscurity🟡 MedioRemote Code Execution (RCE)3
October🟡 MedioAbusing October CMS (Upload File Vulnerability) Buffer Overflow - Bypassing ASL…3
Passage🟡 MedioCuteNews Exploitation Code Analysis USBCreator D-Bus Privilege Escalation Pytho…3
Pit🟡 MedioRemote Code Execution (RCE)3
Poison🟡 MedioLocal File Inclusion (LFI) · Remote Code Execution (RCE)3
Ransom🟡 MedioLogin Bypass (Type Juggling Attack) Decrypting a ZIP file (PlainText Attack - B…3
RedCross🟡 MedioRemote Code Execution (RCE) · Cross-Site Scripting (XSS)3
Retired🟡 MedioLocal File Inclusion (LFI)3
Schooled🟡 MedioRemote Code Execution (RCE) · Cross-Site Scripting (XSS)3
Seal🟡 MedioRemote Code Execution (RCE)3
Shibboleth🟡 MedioRemote Code Execution (RCE)3
SneakyMailer🟡 MedioInformation Leakage Mass Emailing Attack with SWAKS Password Theft Abusing Pypi…3
SolidState🟡 MedioAbuso de cron3
Stratosphere🟡 MedioApache Struts Exploitation (CVE-2017-5638) Python Library Hijacking (Privilege…3
TartarSauce🟡 MedioRemote File Inclusion (RFI) · Remote Code Execution (RCE)4
Tenet🟡 MedioPHP Deserialization Attack Abusing Race Condition3
Tenten🟡 MedioWordpress Enumeration CV filename disclosure on Job-Manager Wordpress Plugin [C…3
TheNotebook🟡 MedioAbusing JWT (Gaining privileges) Abusing Upload File Docker Breakout [CVE-2019-…3
Time🟡 MedioServer-Side Request Forgery · Remote Code Execution (RCE)3
Timing🟡 MedioLocal File Inclusion (LFI)3
Undetected🟡 MedioRemote Code Execution (RCE)3
Unicode🟡 MedioLocal File Inclusion (LFI)3
Union🟡 MedioSQL Injection · Remote Code Execution (RCE)3
Waldo🟡 MedioLocal File Inclusion (LFI)3
Wall🟡 MedioSUID binaries · Fuzzing de directorios · Remote Code Execution (RCE)3
Writer🟡 MedioSQL Injection3
AdmirerToo🟠 DifícilRemote Code Execution (RCE) · Server-Side Request Forgery3
Altered🟠 DifícilSQL Injection · Remote Code Execution (RCE)3
Charon🟠 DifícilSQL Injection · SUID binaries3
CrimeStoppers🟠 DifícilLocal File Inclusion (LFI) · Remote Code Execution (RCE)3
Dab🟠 DifícilServer-Side Request Forgery · SUID binaries · Fuzzing de directorios · Remote Code Execution (RCE)3
EarlyAccess🟠 DifícilSQL Injection · Local File Inclusion (LFI) · Cross-Site Scripting (XSS)3
Ellingson🟠 DifícilSUID binaries · Remote Code Execution (RCE)3
Falafel🟠 DifícilSQL Injection3
Feline🟠 DifícilRemote Code Execution (RCE)3
Flujab🟠 DifícilSQL Injection · SUID binaries · Remote Code Execution (RCE)3
Holiday🟠 DifícilSQL Injection · Remote Code Execution (RCE) · Cross-Site Scripting (XSS)3
Joker🟠 DifícilRemote Code Execution (RCE)3
Kotarak🟠 DifícilServer-Side Request Forgery3
Mischief🟠 DifícilSNMP Enumeration Information Leakage IPV6 ICMP Data Exfiltration (Python Scapy)4
Monitors🟠 DifícilLocal File Inclusion (LFI) · Remote Code Execution (RCE)3
Oouch🟠 DifícilRemote Code Execution (RCE)3
Overflow🟠 DifícilSQL Injection · Remote Code Execution (RCE)3
OverGraph🟠 DifícilCross-Site Scripting (XSS) · SQL Injection · Fuzzing de directorios · Server-Side Request Forgery · SUID binaries · Remote Code Execution (RCE)3
Oz🟠 DifícilSQL Injection · Remote Code Execution (RCE)3
Phoenix🟠 DifícilSQL Injection3
Player🟠 DifícilRemote Code Execution (RCE)3
Pressed🟠 DifícilPassword Guessing WordPress Abusing RPC Calls WordPress XML-RPC Create WebShell…3
Quick🟠 DifícilRemote Code Execution (RCE) · Cross-Site Scripting (XSS)3
Scavenger🟠 DifícilTransferencia de zona DNS · SQL Injection3
Shrek🟠 DifícilInformation Leakage Steganography Challenge - Hidden message in the spectrogram…3
Static🟠 DifícilSUID binaries · Remote Code Execution (RCE)3
Talkative🟠 DifícilRemote Code Execution (RCE)3
Tentacle🟠 DifícilActive Directory3
Travel🟠 DifícilRemote Code Execution (RCE)3
Unbalanced🟠 DifícilPi-hole credenciales por defecto · Remote Code Execution (RCE)3
Unobtainium🟠 DifícilLocal File Inclusion (LFI) · Remote Code Execution (RCE)3
Zetta🟠 DifícilSQL Injection · Remote Code Execution (RCE)3
Ariekei🔴 InsanoShellshock (CVE-2014-6271)3
Brainfuck🔴 InsanoTLS Certificate Inspection WordPress Enumeration WordPress WP Support Plus Resp…3
CrossFit🔴 InsanoRemote Code Execution (RCE) · Cross-Site Scripting (XSS)3
CTF🔴 InsanoRemote Code Execution (RCE)3
Fortune🔴 InsanoCommand Injection OpenSSL - Creating a new key OpenSSL - Creating a CSR file (C…3
Fulcrum🔴 InsanoRemote File Inclusion (RFI) · XML External Entity · Active Directory · Server-Side Request Forgery · Remote Code Execution (RCE)3
Jail🔴 InsanoCode Analysis Binary Exploitation Buffer Overflow x32 - Socket Re-Use Shellcode…3
Nightmare🔴 InsanoSQL Injection · Remote Code Execution (RCE) · Cross-Site Scripting (XSS)2
Reddish🔴 InsanoAbusing Node-Red Chisel & Socat Usage Redis-Cli Exploitation Rsync Abusing Cron…3
Sink🔴 InsanoHTTP Request Smuggling Exploitation (Leak Admin Cookie) Cookie Hijacking Inform…3
Stacked🔴 InsanoRemote Code Execution (RCE) · Cross-Site Scripting (XSS)3
Toby🔴 InsanoAbusing GOGS (Project Enumeration) Static Code Analysis (Finding a backdoor wit…3

Windows (63)

MáquinaDificultadSkillsWriteups
Active🟢 FácilKerberoasting · SMB (139/445) · Group Policy Preferences (GPP)3
Arctic🟢 FácilAdobe ColdFusion 8 Exploitation Directory Traversal Vulnerability Cracking Hash…3
Blue🟢 FácilEternalBlue (MS17-010)3
Bounty🟢 FácilFuzzing de directorios · IIS (Microsoft Web Server)3
Buff🟢 FácilRemote Code Execution (RCE)3
Curling🟢 FácilRemote Code Execution (RCE)3
Devel🟢 FácilIIS (Microsoft Web Server)3
Driver🟢 FácilPassword Guessing SCF Malicious File Print Spooler Local Privilege Escalation (…3
Forest🟢 FácilTransferencia de zona DNS · BloodHound · DCSync3
Grandpa🟢 FácilWebDAV · IIS (Microsoft Web Server) · Remote Code Execution (RCE)3
Granny🟢 FácilWebDAV · IIS (Microsoft Web Server) · Remote Code Execution (RCE)3
Heist🟢 FácilSMB (139/445)3
Jerry🟢 FácilInformation Leakage Abusing Tomcat [Intrusion & Privilege Escalation]3
Legacy🟢 FácilEternalBlue (MS17-010)3
Love🟢 FácilServer-Side Request Forgery3
Netmon🟢 FácilRemote Code Execution (RCE)3
Optimum🟢 FácilHttpFileServer (CVE-2014-6287) · Remote Code Execution (RCE)3
Remote🟢 FácilRemote Code Execution (RCE)3
Return🟢 FácilAbusing Printer Abusing Server Operators Group Service Configuration Manipulati…3
Sauna🟢 FácilBloodHound · GetNPUsers (Impacket) · AutoLogon credentials · winPEAS · DCSync3
ServMon🟢 FácilLocal File Inclusion (LFI)3
TimeLapse🟢 FácilSMB (139/445)3
Toolbox🟢 FácilSQL Injection · Remote Code Execution (RCE)3
Atom🟡 MedioSMB (139/445) · Remote Code Execution (RCE)3
Bart🟡 MedioFuzzing de directorios · Remote Code Execution (RCE)3
Bastard🟡 MedioRemote Code Execution (RCE) · SQL Injection3
Cascade🟡 MedioActive Directory · Kerberoasting · GetNPUsers (Impacket) · SQL Injection · SMB (139/445)3
Chatterbox🟡 MedioAchat 0.150 beta7 - Buffer Overflow (Windows 7 32 bits) Generating a Shellcode…3
Giddy🟡 MedioSQL Injection3
Intelligence🟡 MedioActive Directory · BloodHound · Remote Code Execution (RCE)3
Jeeves🟡 MedioJenkins Exploitation (Groovy Script Console) RottenPotato (SeImpersonatePrivile…3
Json🟡 MedioRemote Code Execution (RCE)3
Monteverde🟡 MedioRemote Code Execution (RCE)3
Querier🟡 MedioActive Directory3
Resolute🟡 MedioSMB (139/445)2
Scrambled🟡 MedioKerberoasting · GetNPUsers (Impacket) · SMB (139/445) · Remote Code Execution (RCE)6
SecNotes🟡 MedioSQL Injection · Fuzzing de directorios · IIS (Microsoft Web Server) · Cross-Site Scripting (XSS)3
Silo🟡 MedioAbusing Oracle Database Oracle Database Attacking Tool (ODAT) Installation Orac…3
Sniper🟡 MedioRemote File Inclusion (RFI) · Local File Inclusion (LFI) · SMB (139/445) · Remote Code Execution (RCE)4
StreamIO🟡 MedioRemote File Inclusion (RFI) · Local File Inclusion (LFI) · SQL Injection · BloodHound · AS-REP Roasting · SMB (139/445) · Remote Code Execution (RCE)3
Worker🟡 MedioFuzzing de directorios · IIS (Microsoft Web Server) · Remote Code Execution (RCE)3
Acute🟠 DifícilVirtual Hosting Information Leakage Abusing Windows PowerShell Web Access Real-…3
Blackfield🟠 DifícilActive Directory · BloodHound · GetNPUsers (Impacket) · SMB (139/445) · Remote Code Execution (RCE)3
Breadcrumbs🟠 DifícilLocal File Inclusion (LFI) · SQL Injection3
Conceal🟠 DifícilIIS (Microsoft Web Server) · Remote Code Execution (RCE)3
Control🟠 DifícilSQL Injection · winPEAS · Remote Code Execution (RCE)3
Hancliffe🟠 DifícilRemote Code Execution (RCE)3
Helpline🟠 DifícilRemote Code Execution (RCE)5
Mantis🟠 DifícilActive Directory · BloodHound3
Object🟠 DifícilActive Directory · BloodHound · Remote Code Execution (RCE)3
RE🟠 DifícilXML External Entity · IIS (Microsoft Web Server) · Remote Code Execution (RCE)3
Reel🟠 DifícilActive Directory · Remote Code Execution (RCE)3
Reel2🟠 DifícilRemote Code Execution (RCE)3
Search🟠 DifícilActive Directory · Kerberoasting · BloodHound · SMB (139/445)3
Tally🟠 DifícilRemote Code Execution (RCE)3
Anubis🔴 InsanoCross-Site Scripting (XSS) · SMB (139/445) · Remote Code Execution (RCE)3
APT🔴 InsanowinPEAS · SMB (139/445)3
Bankrobber🔴 InsanoSQL Injection · SMB (139/445) · Remote Code Execution (RCE) · Cross-Site Scripting (XSS)3
Fighter🔴 InsanoSQL Injection · Abuso de cron · Remote Code Execution (RCE)3
Hackback🔴 InsanoFuzzing de directorios · Remote Code Execution (RCE)3
Minion🔴 InsanoServer-Side Request Forgery3
MultiMaster🔴 InsanoActive Directory · SQL Injection · BloodHound · AS-REP Roasting · SMB (139/445) · Remote Code Execution (RCE)3
Sizzle🔴 InsanoActive Directory · Kerberoasting · BloodHound · DCSync · SMB (139/445)3