Documentation Index
Fetch the complete documentation index at: https://rootea.es/llms.txt
Use this file to discover all available pages before exploring further.
All machines
Full catalog: 203 retired machines with 615 validated writeups. Cmd+K / Ctrl+K.Linux (140)
| Machine | Difficulty | Skills | Writeups |
|---|---|---|---|
| Admirer | 🟢 Easy | Information Leakage Admirer Exploitation (Abusing LOAD DATA LOCAL Query) Abusin… | 3 |
| Antique | 🟢 Easy | SNMP Enumeration Network Printer Abuse CUPS Administration Exploitation (ErrorL… | 3 |
| Backdoor | 🟢 Easy | Local File Inclusion (LFI) · Remote Code Execution (RCE) | 3 |
| Bank | 🟢 Easy | Transferencia de zona DNS · SUID binaries · Remote Code Execution (RCE) | 3 |
| Bashed | 🟢 Easy | Abuso de cron · Abuso de sudo · phpbash (web shell PHP) | 2 |
| Beep | 🟢 Easy | Local File Inclusion (LFI) · Shellshock (CVE-2014-6271) · Elastix LFI · Remote Code Execution (RCE) | 3 |
| Blocky | 🟢 Easy | WordPress Enumeration Information Leakage Analyzing a jar file - JD-Gui + SSH A… | 3 |
| Blunder | 🟢 Easy | Bludit CMS Exploitation Bypassing IP Blocking (X-Forwarded-For Header) Director… | 3 |
| BountyHunter | 🟢 Easy | XML External Entity | 3 |
| Delivery | 🟢 Easy | Virtual Hosting Enumeration Abusing Support Ticket System Access to MatterMost… | 3 |
| Doctor | 🟢 Easy | Remote Code Execution (RCE) | 3 |
| Frolic | 🟢 Easy | Remote Code Execution (RCE) | 3 |
| GoodGames | 🟢 Easy | SQL Injection | 3 |
| Haystack | 🟢 Easy | ElasticSearch Enumeration Information Leakage Kibana Enumeration Kibana Exploit… | 3 |
| Horizontall | 🟢 Easy | Information Leakage Port Forwarding Strapi CMS Exploitation Laravel Exploitation | 3 |
| Knife | 🟢 Easy | Remote Code Execution (RCE) | 3 |
| Laboratory | 🟢 Easy | SUID binaries · Remote Code Execution (RCE) | 3 |
| Lame | 🟢 Easy | SMB (139/445) | 4 |
| Late | 🟢 Easy | Virtual Hosting Enumeration Abusing Upload File - Image to Text Flask Utility S… | 3 |
| Mirai | 🟢 Easy | Credenciales por defecto · USB forensics · Pi-hole credenciales por defecto | 2 |
| Nibbles | 🟢 Easy | Remote Code Execution (RCE) | 3 |
| NodeBlog | 🟢 Easy | SQL Injection · XML External Entity | 3 |
| NunChucks | 🟢 Easy | NodeJS SSTI (Server Side Template Injection) AppArmor Profile Bypass (Privilege… | 3 |
| OpenSource | 🟢 Easy | Local File Inclusion (LFI) · Remote Code Execution (RCE) | 3 |
| Pandora | 🟢 Easy | Remote Code Execution (RCE) · SQL Injection | 3 |
| Paper | 🟢 Easy | Information Leakage Abussing WordPress - Unauthenticated View Private/Draft Pos… | 3 |
| Postman | 🟢 Easy | Redis Enumeration Redis Exploitation - Write SSH Key Webmin Exploitation - Pyth… | 3 |
| RouterSpace | 🟢 Easy | linPEAS · Remote Code Execution (RCE) | 3 |
| Safe | 🟢 Easy | Information Leakage Buffer Overflow [x64] [ROP Attacks using PwnTools] [NX Bypa… | 3 |
| ScriptKiddie | 🟢 Easy | Remote Code Execution (RCE) | 3 |
| Secret | 🟢 Easy | Code Analysis Abusing an API Json Web Tokens (JWT) Abusing/Leveraging Core Dump… | 3 |
| Sense | 🟢 Easy | pfSense · Remote Code Execution (RCE) | 3 |
| Shocker | 🟢 Easy | Shellshock (CVE-2014-6271) | 3 |
| SteamCloud | 🟢 Easy | Kubernetes API Enumeration (kubectl) Kubelet API Enumeration (kubeletctl) Comma… | 3 |
| SwagShop | 🟢 Easy | Remote Code Execution (RCE) | 3 |
| Tabby | 🟢 Easy | Local File Inclusion (LFI) | 3 |
| Teacher | 🟢 Easy | Fuzzing de directorios · Remote Code Execution (RCE) | 3 |
| Traverxec | 🟢 Easy | Nostromo Exploitation Abusing Nostromo HomeDirs Configuration Exploiting Journa… | 3 |
| Valentine | 🟢 Easy | SSL Heartbleed Exploitation Cracking Hashes Tmux Socket File Session [Privilege… | 3 |
| Validation | 🟢 Easy | SQL Injection · Remote Code Execution (RCE) | 3 |
| Apocalyst | 🟡 Medium | Remote Code Execution (RCE) | 3 |
| Aragog | 🟡 Medium | XML External Entity | 3 |
| Backend | 🟡 Medium | Remote Code Execution (RCE) | 3 |
| BackendTwo | 🟡 Medium | Remote Code Execution (RCE) | 3 |
| Bolt | 🟡 Medium | Information Leakage Subdomain Enumeration SSTI (Server Side Template Injection)… | 3 |
| Book | 🟡 Medium | Cross-Site Scripting (XSS) | 3 |
| Cache | 🟡 Medium | SQL Injection · Remote Code Execution (RCE) | 3 |
| Catch | 🟡 Medium | SQL Injection · Remote Code Execution (RCE) | 3 |
| Celestial | 🟡 Medium | Remote Code Execution (RCE) | 3 |
| Chaos | 🟡 Medium | Remote Code Execution (RCE) | 3 |
| Cronos | 🟡 Medium | Transferencia de zona DNS · SQL Injection | 3 |
| DevOops | 🟡 Medium | XML External Entity | 3 |
| Devzat | 🟡 Medium | Fuzzing de directorios · Remote Code Execution (RCE) | 3 |
| Enterprise | 🟡 Medium | SQL Injection | 3 |
| Epsilon | 🟡 Medium | Remote Code Execution (RCE) | 3 |
| Europa | 🟡 Medium | SQL Injection · Remote Code Execution (RCE) | 3 |
| Flustered | 🟡 Medium | Remote Code Execution (RCE) | 3 |
| FluxCapacitor | 🟡 Medium | Fuzzing de directorios | 3 |
| Forge | 🟡 Medium | Server-Side Request Forgery | 3 |
| Haircut | 🟡 Medium | Server-Side Request Forgery | 3 |
| Hawk | 🟡 Medium | Remote Code Execution (RCE) | 3 |
| Inception | 🟡 Medium | Local File Inclusion (LFI) · WebDAV · Fuzzing de directorios | 3 |
| Jewel | 🟡 Medium | Remote Code Execution (RCE) | 3 |
| Lazy | 🟡 Medium | SUID binaries | 3 |
| Luke | 🟡 Medium | FTP Enumeration Information Leakage Abusing NodeJS Application API Enumeration… | 3 |
| Mango | 🟡 Medium | SQL Injection · SUID binaries | 3 |
| Meta | 🟡 Medium | Remote Code Execution (RCE) | 3 |
| Nineveh | 🟡 Medium | Remote Code Execution (RCE) · Local File Inclusion (LFI) | 3 |
| Node | 🟡 Medium | SUID binaries | 3 |
| Noter | 🟡 Medium | Fuzzing de directorios · Remote Code Execution (RCE) | 4 |
| Obscurity | 🟡 Medium | Remote Code Execution (RCE) | 3 |
| October | 🟡 Medium | Abusing October CMS (Upload File Vulnerability) Buffer Overflow - Bypassing ASL… | 3 |
| Passage | 🟡 Medium | CuteNews Exploitation Code Analysis USBCreator D-Bus Privilege Escalation Pytho… | 3 |
| Pit | 🟡 Medium | Remote Code Execution (RCE) | 3 |
| Poison | 🟡 Medium | Local File Inclusion (LFI) · Remote Code Execution (RCE) | 3 |
| Ransom | 🟡 Medium | Login Bypass (Type Juggling Attack) Decrypting a ZIP file (PlainText Attack - B… | 3 |
| RedCross | 🟡 Medium | Remote Code Execution (RCE) · Cross-Site Scripting (XSS) | 3 |
| Retired | 🟡 Medium | Local File Inclusion (LFI) | 3 |
| Schooled | 🟡 Medium | Remote Code Execution (RCE) · Cross-Site Scripting (XSS) | 3 |
| Seal | 🟡 Medium | Remote Code Execution (RCE) | 3 |
| Shibboleth | 🟡 Medium | Remote Code Execution (RCE) | 3 |
| SneakyMailer | 🟡 Medium | Information Leakage Mass Emailing Attack with SWAKS Password Theft Abusing Pypi… | 3 |
| SolidState | 🟡 Medium | Abuso de cron | 3 |
| Stratosphere | 🟡 Medium | Apache Struts Exploitation (CVE-2017-5638) Python Library Hijacking (Privilege… | 3 |
| TartarSauce | 🟡 Medium | Remote File Inclusion (RFI) · Remote Code Execution (RCE) | 4 |
| Tenet | 🟡 Medium | PHP Deserialization Attack Abusing Race Condition | 3 |
| Tenten | 🟡 Medium | Wordpress Enumeration CV filename disclosure on Job-Manager Wordpress Plugin [C… | 3 |
| TheNotebook | 🟡 Medium | Abusing JWT (Gaining privileges) Abusing Upload File Docker Breakout [CVE-2019-… | 3 |
| Time | 🟡 Medium | Server-Side Request Forgery · Remote Code Execution (RCE) | 3 |
| Timing | 🟡 Medium | Local File Inclusion (LFI) | 3 |
| Undetected | 🟡 Medium | Remote Code Execution (RCE) | 3 |
| Unicode | 🟡 Medium | Local File Inclusion (LFI) | 3 |
| Union | 🟡 Medium | SQL Injection · Remote Code Execution (RCE) | 3 |
| Waldo | 🟡 Medium | Local File Inclusion (LFI) | 3 |
| Wall | 🟡 Medium | SUID binaries · Fuzzing de directorios · Remote Code Execution (RCE) | 3 |
| Writer | 🟡 Medium | SQL Injection | 3 |
| AdmirerToo | 🟠 Hard | Remote Code Execution (RCE) · Server-Side Request Forgery | 3 |
| Altered | 🟠 Hard | SQL Injection · Remote Code Execution (RCE) | 3 |
| Charon | 🟠 Hard | SQL Injection · SUID binaries | 3 |
| CrimeStoppers | 🟠 Hard | Local File Inclusion (LFI) · Remote Code Execution (RCE) | 3 |
| Dab | 🟠 Hard | Server-Side Request Forgery · SUID binaries · Fuzzing de directorios · Remote Code Execution (RCE) | 3 |
| EarlyAccess | 🟠 Hard | SQL Injection · Local File Inclusion (LFI) · Cross-Site Scripting (XSS) | 3 |
| Ellingson | 🟠 Hard | SUID binaries · Remote Code Execution (RCE) | 3 |
| Falafel | 🟠 Hard | SQL Injection | 3 |
| Feline | 🟠 Hard | Remote Code Execution (RCE) | 3 |
| Flujab | 🟠 Hard | SQL Injection · SUID binaries · Remote Code Execution (RCE) | 3 |
| Holiday | 🟠 Hard | SQL Injection · Remote Code Execution (RCE) · Cross-Site Scripting (XSS) | 3 |
| Joker | 🟠 Hard | Remote Code Execution (RCE) | 3 |
| Kotarak | 🟠 Hard | Server-Side Request Forgery | 3 |
| Mischief | 🟠 Hard | SNMP Enumeration Information Leakage IPV6 ICMP Data Exfiltration (Python Scapy) | 4 |
| Monitors | 🟠 Hard | Local File Inclusion (LFI) · Remote Code Execution (RCE) | 3 |
| Oouch | 🟠 Hard | Remote Code Execution (RCE) | 3 |
| Overflow | 🟠 Hard | SQL Injection · Remote Code Execution (RCE) | 3 |
| OverGraph | 🟠 Hard | Cross-Site Scripting (XSS) · SQL Injection · Fuzzing de directorios · Server-Side Request Forgery · SUID binaries · Remote Code Execution (RCE) | 3 |
| Oz | 🟠 Hard | SQL Injection · Remote Code Execution (RCE) | 3 |
| Phoenix | 🟠 Hard | SQL Injection | 3 |
| Player | 🟠 Hard | Remote Code Execution (RCE) | 3 |
| Pressed | 🟠 Hard | Password Guessing WordPress Abusing RPC Calls WordPress XML-RPC Create WebShell… | 3 |
| Quick | 🟠 Hard | Remote Code Execution (RCE) · Cross-Site Scripting (XSS) | 3 |
| Scavenger | 🟠 Hard | Transferencia de zona DNS · SQL Injection | 3 |
| Shrek | 🟠 Hard | Information Leakage Steganography Challenge - Hidden message in the spectrogram… | 3 |
| Static | 🟠 Hard | SUID binaries · Remote Code Execution (RCE) | 3 |
| Talkative | 🟠 Hard | Remote Code Execution (RCE) | 3 |
| Tentacle | 🟠 Hard | Active Directory | 3 |
| Travel | 🟠 Hard | Remote Code Execution (RCE) | 3 |
| Unbalanced | 🟠 Hard | Pi-hole credenciales por defecto · Remote Code Execution (RCE) | 3 |
| Unobtainium | 🟠 Hard | Local File Inclusion (LFI) · Remote Code Execution (RCE) | 3 |
| Zetta | 🟠 Hard | SQL Injection · Remote Code Execution (RCE) | 3 |
| Ariekei | 🔴 Insane | Shellshock (CVE-2014-6271) | 3 |
| Brainfuck | 🔴 Insane | TLS Certificate Inspection WordPress Enumeration WordPress WP Support Plus Resp… | 3 |
| CrossFit | 🔴 Insane | Remote Code Execution (RCE) · Cross-Site Scripting (XSS) | 3 |
| CTF | 🔴 Insane | Remote Code Execution (RCE) | 3 |
| Fortune | 🔴 Insane | Command Injection OpenSSL - Creating a new key OpenSSL - Creating a CSR file (C… | 3 |
| Fulcrum | 🔴 Insane | Remote File Inclusion (RFI) · XML External Entity · Active Directory · Server-Side Request Forgery · Remote Code Execution (RCE) | 3 |
| Jail | 🔴 Insane | Code Analysis Binary Exploitation Buffer Overflow x32 - Socket Re-Use Shellcode… | 3 |
| Nightmare | 🔴 Insane | SQL Injection · Remote Code Execution (RCE) · Cross-Site Scripting (XSS) | 2 |
| Reddish | 🔴 Insane | Abusing Node-Red Chisel & Socat Usage Redis-Cli Exploitation Rsync Abusing Cron… | 3 |
| Sink | 🔴 Insane | HTTP Request Smuggling Exploitation (Leak Admin Cookie) Cookie Hijacking Inform… | 3 |
| Stacked | 🔴 Insane | Remote Code Execution (RCE) · Cross-Site Scripting (XSS) | 3 |
| Toby | 🔴 Insane | Abusing GOGS (Project Enumeration) Static Code Analysis (Finding a backdoor wit… | 3 |
Windows (63)
| Machine | Difficulty | Skills | Writeups |
|---|---|---|---|
| Active | 🟢 Easy | Kerberoasting · SMB (139/445) · Group Policy Preferences (GPP) | 3 |
| Arctic | 🟢 Easy | Adobe ColdFusion 8 Exploitation Directory Traversal Vulnerability Cracking Hash… | 3 |
| Blue | 🟢 Easy | EternalBlue (MS17-010) | 3 |
| Bounty | 🟢 Easy | Fuzzing de directorios · IIS (Microsoft Web Server) | 3 |
| Buff | 🟢 Easy | Remote Code Execution (RCE) | 3 |
| Curling | 🟢 Easy | Remote Code Execution (RCE) | 3 |
| Devel | 🟢 Easy | IIS (Microsoft Web Server) | 3 |
| Driver | 🟢 Easy | Password Guessing SCF Malicious File Print Spooler Local Privilege Escalation (… | 3 |
| Forest | 🟢 Easy | Transferencia de zona DNS · BloodHound · DCSync | 3 |
| Grandpa | 🟢 Easy | WebDAV · IIS (Microsoft Web Server) · Remote Code Execution (RCE) | 3 |
| Granny | 🟢 Easy | WebDAV · IIS (Microsoft Web Server) · Remote Code Execution (RCE) | 3 |
| Heist | 🟢 Easy | SMB (139/445) | 3 |
| Jerry | 🟢 Easy | Information Leakage Abusing Tomcat [Intrusion & Privilege Escalation] | 3 |
| Legacy | 🟢 Easy | EternalBlue (MS17-010) | 3 |
| Love | 🟢 Easy | Server-Side Request Forgery | 3 |
| Netmon | 🟢 Easy | Remote Code Execution (RCE) | 3 |
| Optimum | 🟢 Easy | HttpFileServer (CVE-2014-6287) · Remote Code Execution (RCE) | 3 |
| Remote | 🟢 Easy | Remote Code Execution (RCE) | 3 |
| Return | 🟢 Easy | Abusing Printer Abusing Server Operators Group Service Configuration Manipulati… | 3 |
| Sauna | 🟢 Easy | BloodHound · GetNPUsers (Impacket) · AutoLogon credentials · winPEAS · DCSync | 3 |
| ServMon | 🟢 Easy | Local File Inclusion (LFI) | 3 |
| TimeLapse | 🟢 Easy | SMB (139/445) | 3 |
| Toolbox | 🟢 Easy | SQL Injection · Remote Code Execution (RCE) | 3 |
| Atom | 🟡 Medium | SMB (139/445) · Remote Code Execution (RCE) | 3 |
| Bart | 🟡 Medium | Fuzzing de directorios · Remote Code Execution (RCE) | 3 |
| Bastard | 🟡 Medium | Remote Code Execution (RCE) · SQL Injection | 3 |
| Cascade | 🟡 Medium | Active Directory · Kerberoasting · GetNPUsers (Impacket) · SQL Injection · SMB (139/445) | 3 |
| Chatterbox | 🟡 Medium | Achat 0.150 beta7 - Buffer Overflow (Windows 7 32 bits) Generating a Shellcode… | 3 |
| Giddy | 🟡 Medium | SQL Injection | 3 |
| Intelligence | 🟡 Medium | Active Directory · BloodHound · Remote Code Execution (RCE) | 3 |
| Jeeves | 🟡 Medium | Jenkins Exploitation (Groovy Script Console) RottenPotato (SeImpersonatePrivile… | 3 |
| Json | 🟡 Medium | Remote Code Execution (RCE) | 3 |
| Monteverde | 🟡 Medium | Remote Code Execution (RCE) | 3 |
| Querier | 🟡 Medium | Active Directory | 3 |
| Resolute | 🟡 Medium | SMB (139/445) | 2 |
| Scrambled | 🟡 Medium | Kerberoasting · GetNPUsers (Impacket) · SMB (139/445) · Remote Code Execution (RCE) | 6 |
| SecNotes | 🟡 Medium | SQL Injection · Fuzzing de directorios · IIS (Microsoft Web Server) · Cross-Site Scripting (XSS) | 3 |
| Silo | 🟡 Medium | Abusing Oracle Database Oracle Database Attacking Tool (ODAT) Installation Orac… | 3 |
| Sniper | 🟡 Medium | Remote File Inclusion (RFI) · Local File Inclusion (LFI) · SMB (139/445) · Remote Code Execution (RCE) | 4 |
| StreamIO | 🟡 Medium | Remote File Inclusion (RFI) · Local File Inclusion (LFI) · SQL Injection · BloodHound · AS-REP Roasting · SMB (139/445) · Remote Code Execution (RCE) | 3 |
| Worker | 🟡 Medium | Fuzzing de directorios · IIS (Microsoft Web Server) · Remote Code Execution (RCE) | 3 |
| Acute | 🟠 Hard | Virtual Hosting Information Leakage Abusing Windows PowerShell Web Access Real-… | 3 |
| Blackfield | 🟠 Hard | Active Directory · BloodHound · GetNPUsers (Impacket) · SMB (139/445) · Remote Code Execution (RCE) | 3 |
| Breadcrumbs | 🟠 Hard | Local File Inclusion (LFI) · SQL Injection | 3 |
| Conceal | 🟠 Hard | IIS (Microsoft Web Server) · Remote Code Execution (RCE) | 3 |
| Control | 🟠 Hard | SQL Injection · winPEAS · Remote Code Execution (RCE) | 3 |
| Hancliffe | 🟠 Hard | Remote Code Execution (RCE) | 3 |
| Helpline | 🟠 Hard | Remote Code Execution (RCE) | 5 |
| Mantis | 🟠 Hard | Active Directory · BloodHound | 3 |
| Object | 🟠 Hard | Active Directory · BloodHound · Remote Code Execution (RCE) | 3 |
| RE | 🟠 Hard | XML External Entity · IIS (Microsoft Web Server) · Remote Code Execution (RCE) | 3 |
| Reel | 🟠 Hard | Active Directory · Remote Code Execution (RCE) | 3 |
| Reel2 | 🟠 Hard | Remote Code Execution (RCE) | 3 |
| Search | 🟠 Hard | Active Directory · Kerberoasting · BloodHound · SMB (139/445) | 3 |
| Tally | 🟠 Hard | Remote Code Execution (RCE) | 3 |
| Anubis | 🔴 Insane | Cross-Site Scripting (XSS) · SMB (139/445) · Remote Code Execution (RCE) | 3 |
| APT | 🔴 Insane | winPEAS · SMB (139/445) | 3 |
| Bankrobber | 🔴 Insane | SQL Injection · SMB (139/445) · Remote Code Execution (RCE) · Cross-Site Scripting (XSS) | 3 |
| Fighter | 🔴 Insane | SQL Injection · Abuso de cron · Remote Code Execution (RCE) | 3 |
| Hackback | 🔴 Insane | Fuzzing de directorios · Remote Code Execution (RCE) | 3 |
| Minion | 🔴 Insane | Server-Side Request Forgery | 3 |
| MultiMaster | 🔴 Insane | Active Directory · SQL Injection · BloodHound · AS-REP Roasting · SMB (139/445) · Remote Code Execution (RCE) | 3 |
| Sizzle | 🔴 Insane | Active Directory · Kerberoasting · BloodHound · DCSync · SMB (139/445) | 3 |