Introduction Welcome to Olympus. After starting the VM, allow up to 5 minutes for the machine to fully boot. ⚠️ **Brute forcing any login page is strictly out of scope.** If you get stuck, ...

Introduction This machine demonstrates a complete compromise chain starting from a vulnerable web service and ending with full root access on the host system. The attack progresses through web exp...

Introduction This machine is inspired by the TV show Mr. Robot and is aimed at beginner to intermediate players. The goal is to obtain root access and retrieve three hidden keys stored on the sys...

Introduction A developer requested a vulnerability assessment of their system. “Don’t always trust what you can’t see.” This hint strongly suggests hidden functionality or unsafe backend lo...

Introduction This room simulates a vulnerable infrastructure designed to test real‑world enumeration and exploitation skills. There are no puzzles or guesswork involved — thorough enumeration is t...

Introduction Can you help the NSF gain a foothold in UNATCO’s systems? The NSF are preparing to raid Liberty Island in order to seize a shipment of Ambrosia from UNATCO (United Nations Anti-Terro...

Introduction Target IP: 10.67.142.188 Difficulty: Medium This machine exposes a vulnerable web application that allows SSRF-based local file access, leading to SSH key disclosure and a local pri...

Introduction Test your enumeration skills on this boot-to-root machine. Soupedecode is an intense and engaging challenge in which players must compromise a domain controller by exploiting Kerberos...

Introduction This challenge focuses on gaining access to an administrative blog console owned by Stefan. The target application is presented as a blog platform protected by several security mechan...

Introduction “Shhh… be very very quiet. No shouting inside the biblioteca.” The challenge hints at sticking to the basics — and that’s exactly what we’ll do. Port Enumeration As always, the fir...