Our search engine for filtering machines: https://infosecmachines.io/ 🡰 Use this search engine to filter by whatever you need (Techniques, OS, Difficulty, Certifications, etc.)
Machine | IP Address | Operating System | Difficulty | Techniques Covered | Like | Writeup | Solved
Tentacle | 10.10.10.224 | Linux | Hard | DNS Enumeration (dnsenum)
SQUID Proxy
WPAD Enumeration
OpenSMTPD v2.0.0 Exploit
SSH using Kerberos (gssapi)
Abusing .k5login file
Abusing krb5.keytab file
eCPPTv3
eCPTXv2
OSCP
OSEP
eWPT
eWPTXv2
OSWE
Active Directory
https://www.youtube.com/watch?v=hFIWuWVIDek | Yes
Validation | 10.10.11.116 | Linux | Easy | SQLI (Error Based)
SQLI -> RCE (INTO OUTFILE)
Information Leakage
eJPT
eWPT
https://www.youtube.com/watch?v=78i-qbhEUVU | Yes
Mischief | 10.10.10.92 | Linux | Insane | SNMP Enumeration
Information Leakage
IPV6
ICMP Data Exfiltration (Python Scapy)
OSCP
eWPT
eWPTXv2
eCPPTv3
eCPTXv2
OSWE
https://www.youtube.com/watch?v=Q6vlt9BlnWg | Yes
Reddish | 10.10.10.94 | Linux | Insane | Abusing Node-Red
Chisel & Socat Usage
Redis-Cli Exploitation
Rsync Abusing
Cron Exploitation
Disk Mount
File Transfer Tips
PIVOTING

eCPPTv3
eCPTXv2
https://www.youtube.com/watch?v=XQQ104hWFXE | Yes
Return | 10.10.11.108 | Windows | Easy | Abusing Printer
Abusing Server Operators Group
Service Configuration Manipulation
eJPT
OSCP (Privilege Escalation)
https://www.youtube.com/watch?v=5QC5lshrDDo | Yes
Horizontall | 10.10.11.105 | Linux | Easy | Information Leakage
Port Forwarding
Strapi CMS Exploitation
Laravel Exploitation
eWPT
eJPT
https://www.youtube.com/watch?v=s2b-BH0I7R4 | Yes
Pressed | 10.10.11.142 | Linux | Hard | Password Guessing
WordPress Abusing RPC Calls
WordPress XML-RPC Create WebShell
PwnKit Exploit
OSCP
eWPT
eWPTXv2
OSWE
https://www.youtube.com/watch?v=67TQsX88EtM | Yes
Epsilon | 10.10.11.134 | Linux | Medium | Git Source Leak Exploit (GitHack)
AWS Enumeration
Lambda Function Enumeration
Authentication Bypass
Abusing JWT
Server Side Template Injection (SSTI)
Tar Symlink Exploitation
eWPT
eWPTXv2
OSCP
OSWE
https://www.youtube.com/watch?v=tMsK6ZiB7CQ | Yes
Jeeves | 10.10.10.63 | Windows | Medium | Jenkins Exploitation (Groovy Script Console)
RottenPotato (SeImpersonatePrivilege)
PassTheHash (Psexec)
Breaking KeePass
Alternate Data Streams (ADS)
OSCP
eJPT
eWPT
eCPPTv3
https://www.youtube.com/watch?v=TwJiEWjI6Go | Yes
Pit | 10.10.10.241 | Linux | Medium | Information Leakage
SNMP Enumeration (Snmpwalk/Snmpbulkwalk)
SeedDMS Exploitation
SELinux (Extra)
SNMP Code Execution
OSCP
eWPT
https://www.youtube.com/watch?v=mxHbnV_LB20 | Yes
Blackfield | 10.10.10.192 | Windows | Hard | SMB Enumeration
Kerberos User Enumeration (Kerbrute)
ASRepRoast Attack (GetNPUsers)
Bloodhound Enumeration
Abusing ForceChangePassword Privilege (net rpc)
Lsass Dump Analysis (Pypykatz)
Abusing WinRM
SeBackupPrivilege Exploitation
DiskShadow
Robocopy Usage
NTDS Credentials Extraction (secretsdump)
OSCP
OSEP
eCPPTv3
Active Directory
https://www.youtube.com/watch?v=0cPq2UV2vmg | Yes
EarlyAccess | 10.10.11.110 | Linux | Hard | XSS Injection
XSS Cookie Stealing
Cookie Hijacking
Code Analysis
Building a Key Generator (PYTHON)
SQLI (Error Based)
LFI && Wrappers
Bash Scripting for Host Discovering
Information Leakage
Pivoting
Abusing Docker
Abusing Capabilities
eCPPTv3
eCPTXv2
OSCP
eWPT
eWPTXv2
OSWE
https://www.youtube.com/watch?v=31CvSq9lcqU | Yes
Flustered | 10.10.11.131 | Linux | Medium | Abusing Squid Proxy
Abusing GlusterFS
Information Leakage
Server Side Template Injection (SSTI)[RCE]
Abusing Azure Storage
OSCP
eJPT
eWPT
eWPTXv2
eCPPTv3
OSWE
https://www.youtube.com/watch?v=MQeB_fItmW8 | Yes
Love | 10.10.10.239 | Windows | Easy | Server Side Request Forgery (SSRF)
Exploiting Voting System
Abusing AlwaysInstallElevated (msiexec/msi file)
eJPT
eWPT
OSCP (Privilege Escalation)
https://www.youtube.com/watch?v=5tEBvG0OnWQ | Yes
NodeBlog | 10.10.11.139 | Linux | Easy | NoSQL Injection (Authentication Bypass)
XXE File Read
NodeJS Deserialization Attack (IIFE Abusing)
Mongo Database Enumeration
eJPT
eWPT
https://www.youtube.com/watch?v=MPArplyCIjM | Yes
NunChucks | 10.10.11.122 | Linux | Easy | NodeJS SSTI (Server Side Template Injection)
AppArmor Profile Bypass (Privilege Escalation)
eJPT
eWPT
https://www.youtube.com/watch?v=RRig0TQKYy8 | Yes
Bolt | 10.10.11.114 | Linux | Medium | Information Leakage
Subdomain Enumeration
SSTI (Server Side Template Injection)
Abusing PassBolt
Abusing GPG
eJPT
eWPT
eWPTXv2
OSWE
https://www.youtube.com/watch?v=zemqqJMl1VA | Yes
GoodGames | 10.10.11.130 | Linux | Easy | SQLI (Error Based)
Hash Cracking Weak Algorithms
Password Reuse
Server Side Template Injection (SSTI)
Docker Breakout (Privilege Escalation) [PIVOTING]
eJPT
eWPT
eCPPTv3
OSCP (Privilege Escalation)
https://www.youtube.com/watch?v=r3WMeRtwmFc | Yes
Hawk | 10.10.10.102 | Linux | Medium | OpenSSL Cipher Brute Force and Decryption
Drupal Enumeration/Exploitation
H2 Database Exploitation
eJPT
eWPT
https://www.youtube.com/watch?v=qiCozh2m0yE | Yes
Monitors | 10.10.10.238 | Linux | Hard | Information Leakage
WordPress Plugin Exploitation (Spritz)
Local File Inclusion (LFI)
Cacti 1.2.12 Exploitation
Apache OfBiz Deserialization Attack (RCE)
Docker Breakout (cap_sys_module Capability) [PRIVILEGE ESCALATION]
eCPPTv3
eWPT
eWPTXv2
OSCP
OSWE
https://www.youtube.com/watch?v=u0eFap03oDY | Yes
Intelligence | 10.10.10.248 | Windows | Medium | Information Leakage
Kerberos Enumeration (Kerbrute)
Creating a DNS Record (dnstool.py) [Abusing ADIDNS]
Intercepting Net-NTLMv2 Hashes with Responder
BloodHound Enumeration
Abusing ReadGMSAPassword Rights (gMSADumper)
Pywerview Usage
Abusing Unconstrained Delegation
Abusing AllowedToDelegate Rights (getST.py) (User Impersonation)
Using .ccache file with wmiexec.py (KRB5CCNAME)
OSCP
OSEP
eCPPTv3
Active Directory
https://www.youtube.com/watch?v=LI8wnTUc5-I | Yes
Scavenger | 10.10.10.155 | Linux | Hard | Domain Zone Transfer (AXFR)
SQLI (Error Based) [WHOIS]
PCAP Analysis (Tshark && Wireshark)
Abusing Rootkit
eWPT
https://www.youtube.com/watch?v=5-L8T8Qsxfs | Yes
Driver | 10.10.11.106 | Windows | Easy | Password Guessing
SCF Malicious File
Print Spooler Local Privilege Escalation (PrintNightmare) [CVE-2021-1675]
OSCP (Privilege Escalation)
eJPT
https://www.youtube.com/watch?v=TY8NgOUVXjM | Yes
Minion | 10.10.10.57 | Windows | Insane | Server Side Request Forgery (SSRF) [Internal Port Discovery]
ICMP Reverse Shell (PowerShell) [Firewall Bypassing]
Alternate Data Streams (ADS)
Firewall Evasion [Firewall Rules Manipulation]
eWPTXv2
OSWE
https://www.youtube.com/watch?v=yCXJI0H0704 | Yes
Sizzle | 10.10.10.103 | Windows | Insane | SMBCacls Enumeration
Malicious SCF File (Getting NetNTLMv2 Hash)
Ldap Enumeration (LdapDomainDump)
Abusing Microsoft Active Directory Certificate Services
Creating Certificate Signing Requests (CSR) [Openssl]
CLM / AppLocker Break Out (Escaping ConstrainedLanguage)
PSByPassCLM Usage (CLM / AppLocker Break out)
Msbuild (CLM / AppLocker Break Out)
Kerberoasting Attack (Rubeus)
Kerberoasting Attack (Chisel Port Forward - GetUserSPNs.py)
WINRM Connections
BloodHound Enumeration
DCSync Attack (secretsdump.py)
DCSync Attack (Mimikatz)
PassTheHash (wmiexec.py)
OSCP
OSEP
eCPPTv3
Active Directory
https://www.youtube.com/watch?v=7W2h7qoCShk | Yes
Toolbox | 10.10.10.236 | Windows | Easy | PostgreSQL Injection (RCE)
Abusing boot2docker [Docker-Toolbox]
Pivoting
eWPT
OSCP (Intrusion)
eJPT
eCPPTv2
https://www.youtube.com/watch?v=0wTYfJsZdKU | Yes
Enterprise | 10.10.10.61 | Linux | Medium | WordPress Lcars Plugin SQLI Vulnerability
SQL Injection (boolean-based blind, error-based, time-based blind)
WordPress Exploitation [www-data] (Theme Edition - 404.php Template)
Joomla Exploitation [www-data] (Template Manipulation)
Docker Breakout
Ghidra Binary Analysis
Buffer Overflow (No ASLR - PIE enabled) [RET2LIBC] (Privilege Escalation)
eWPT
eCPPTv3
eCPTXv2
Buffer Overflow
https://www.youtube.com/watch?v=2ZzVu5mdzgA | Yes
Chaos | 10.10.10.120 | Linux | Medium | Password Guessing
Abusing e-mail service (claws-mail)
Crypto Challenge (Decrypt Secret Message - AES Encrypted)
LaTeX Injection (RCE)
Bypassing rbash (Restricted Bash)
Extracting Credentials from Firefox Profile
eWPT
eJPT
https://www.youtube.com/watch?v=-t0CkWmiq6s | Yes
SteamCloud | 10.10.11.133 | Linux | Easy | Kubernetes API Enumeration (kubectl)
Kubelet API Enumeration (kubeletctl)
Command Execution through kubeletctl on the containers
Cluster Authentication (ca.crt/token files) with kubectl
Creating YAML file for POD creation
Executing commands on the new POD
Reverse Shell through YAML file while deploying the POD
eWPTXv2
OSWE
https://www.youtube.com/watch?v=q3mFOd8eRQs | Yes
Seal | 10.10.10.250 | Linux | Medium | Information Leakage (GitBucket)
Breaking Parser Logic - Abusing Reverse Proxy / URI Normalization
Exploiting Tomcat (RCE) [Creating malicious WAR]
Abusing existing YML Playbook file [Cron Job]
Ansible-playbook exploitation (sudo privilege)
eWPT
eWPTXv2
OSCP (Intrusion)
OSWE
https://www.youtube.com/watch?v=IShxpoRMxW8 | Yes
Hancliffe | 10.10.11.115 | Windows | Hard | Abusing URI Normalization
Server Side Template Injection (SSTI) [NUXEO Vulnerability]
Unified Remote 3 Exploitation (RCE)
Decrypt Mozilla protected passwords
Reversing EXE in Ghidra
Buffer Overflow (Socket Reuse Technique) [ADVANCED]
Buffer Overflow
OSED
OSCP (Intrusion)
eWPT
eWPTXv2
OSWE
https://www.youtube.com/watch?v=A_7Cwl2bBC0 | Yes
Antique | 10.10.11.107 | Linux | Easy | SNMP Enumeration
Network Printer Abuse
CUPS Administration Exploitation (ErrorLog)
EXTRA -> (DirtyPipe) [CVE-2022-0847]
eJPT
https://www.youtube.com/watch?v=pvtergVU__4 | Yes
Object | 10.10.11.132 | Windows | Hard | Jenkins Exploitation (New Job + Abusing Build Periodically)
Jenkins Exploitation (Abusing Trigger builds remotely using TOKEN)
Firewall Enumeration Techniques
Jenkins Password Decrypt
BloodHound Enumeration
Abusing ForceChangePassword with PowerView
Abusing GenericWrite (Set-DomainObject - Setting Script Logon Path)
Abusing WriteOwner (Takeover Domain Admins Group)
OSCP
OSEP
eCPPTv3
OSWE
Active Directory
https://www.youtube.com/watch?v=K8d2CmQAV9Q | Yes
Stratosphere | 10.10.10.64 | Linux | Medium | Apache Struts Exploitation (CVE-2017-5638)
Python Library Hijacking (Privilege Escalation)
eWPT
eJPT
https://www.youtube.com/watch?v=KADZhYY9Wpw | Yes
Devzat | 10.10.11.118 | Linux | Medium | Fuzzing Directory .git (GIT Project Recomposition)
Web Injection (RCE)
Abusing InfluxDB (CVE-2019-20933)
Abusing Devzat Chat /file command (Privilege Escalation)
EXTRA (Crypto CTF Challenge | N Factorization)
eWPT
eJPT
https://www.youtube.com/watch?v=WXdF3wqwtqQ | Yes
Helpline | 10.10.10.132 | Windows | Hard | ManageEngine ServiceDesk Plus User Enumeration
ManageEngine ServiceDesk Plus Authentication Bypassing
ManageEngine ServiceDesk Plus Remote Code Execution
Disabling Windows Defender (PowerShell)
Mimikatz - Getting NTLM User Hashes (lsadump::sam)
Reading Event Logs with Powershell (RamblingCookieMonster) [Get-WinEventData]
Decrypting EFS files with Mimikatz
Getting the certificate with Mimikatz (crypto::system)
Decrypting the masterkey with Mimikatz (dpapi::masterkey)
Decrypting the private key with Mimikatz (dpapi::capi)
Building a correct PFX with Openssl
Installing the PFX via certutil
Installing VNC in the box via msiexec
Connecting to the VNC service using vncviewer
Converting Secure String File to PlainText
Using RunAs to execute commands as the administrator
eWPT
OSCP
https://www.youtube.com/watch?v=EGlLewVI_M0 | Yes
Ransom | 10.10.11.153 | Linux | Medium | Login Bypass (Type Juggling Attack)
Decrypting a ZIP file (PlainText Attack - Bkcrack) - CONTI RANSOMWARE
eWPT
https://www.youtube.com/watch?v=_hnKZ1YgzyA | Yes
Bankrobber | 10.10.10.154 | Windows | Insane | Blind XSS Injection
Stealing the session cookie by XSS injection
SQLI - Error Based
SQLI - File Access
SQLI - Stealing Net-NTLMv2 Hash (impacket-smbserver)
XSS + XSRF => RCE
Abusing a custom binary (Brute Force Pin && Overflow)
eWPT
eWPTXv2
OSWE
OSCP (Intrusion)
https://www.youtube.com/watch?v=NAKePo2HLjI | Yes
Tenet | 10.10.10.223 | Linux | Medium | PHP Deserialization Attack
Abusing Race Condition
eWPT
https://www.youtube.com/watch?v=Isgpbsi9Tpc | Yes
Stacked | 10.10.11.112 | Linux | Insane | Virtual Hosting Enumeration
Referer XSS Injection
XSS - Creating JS file (accessing unauthorized resources)
Checking/Reading mail through XSS injection
AWS Enumeration
Lambda Enumeration
Creating a Lambda Function (NodeJS)
Invoking the created lambda function
RCE on LocalStack
Abusing FunctionName Parameter (AWS) by exploiting XSS vulnerability (RCE)
Finding and exploiting custom 0Day [Privilege Escalation]
Root FileSystem Access by abusing Docker
eWPT
eWPTXv2
OSWE
https://www.youtube.com/watch?v=L1w3DwxFHFg | Yes
Mantis | 10.10.10.52 | Windows | Hard | Database Enumeration (DBeaver)
Bloodhound Enumeration (bloodhound-python)
Exploiting MS14-068 (goldenPac.py) [Microsoft Kerberos Checksum Validation Vulnerability]
OSCP
OSEP
eCPPTv3
Active Directory
https://www.youtube.com/watch?v=3p0myaukHBk | Yes
TheNotebook | 10.10.10.230 | Linux | Medium | Abusing JWT (Gaining privileges)
Abusing Upload File
Docker Breakout [CVE-2019-5736 - RUNC] (Privilege Escalation)
eWPT
OSCP (Privilege Escalation)
OSWE
https://www.youtube.com/watch?v=dekA2dzLSlE | Yes
Travel | 10.10.10.189 | Linux | Hard | Git Project Recomposition (.git) [Git-Dumper]
Abusing WordPress (SimplePie + Memcache) [PHP Code Analysis]
Memcache Object Poisoning (Gopherus + Deserialization Attack + RCE)
LDAP Enumeration (Apache Directory Studio - GUI)
Abusing LDAP to add an SSH Key
Abusing LDAP to modify the user group to sudo (Privilege Escalation)
eWPT
eWPTXv2
OSWE
OSCP (Privilege Escalation)
https://www.youtube.com/watch?v=B5_NsxWlXTU | Yes
Shocker | 10.10.10.56 | Linux | Easy | ShellShock Attack (User-Agent)
Abusing Sudoers Privilege (Perl)
EXTRA: We create our own CTF in Docker that covers ShellShock
eWPT
eJPT
https://www.youtube.com/watch?v=xaOgoGYyJF4 | Yes
SneakyMailer | 10.10.10.197 | Linux | Medium | Information Leakage
Mass Emailing Attack with SWAKS
Password Theft
Abusing Pypi Server (Creating a Malicious Pypi Package)
Abusing Sudoers Privilege (Pip3)
OSCP
https://www.youtube.com/watch?v=QWkM74ZBVO4 | Yes
Secret | 10.10.11.120 | Linux | Easy | Code Analysis
Abusing an API
Json Web Tokens (JWT)
Abusing/Leveraging Core Dump [Privilege Escalation]
eWPT
eWPTXv2
OSWE
https://www.youtube.com/watch?v=YfVnbzpjz2I | Yes
Giddy | 10.10.10.104 | Windows | Medium | SQL Injection (XP_DIRTREE) [SQLI] - Get Net-NTLMv2 Hash
Windows Defender Evasion (Ebowla)
Windows Defender Evasion (Building our own C program)
Service Listing Techniques
Abusing Unifi-Video (Privilege Escalation)
eWPT
OSCP
OSWE
https://www.youtube.com/watch?v=2ZnbIAPzmpg | Yes
Haystack | 10.10.10.115 | Linux | Easy | ElasticSearch Enumeration
Information Leakage
Kibana Enumeration
Kibana Exploitation (CVE-2018-17246)
Abusing Logstash (Privilege Escalation)
eWPT
OSCP (Privilege Escalation)
OSWE
https://www.youtube.com/watch?v=-Ck0z8N1LxQ | Yes
Passage | 10.10.10.206 | Linux | Medium | CuteNews Exploitation
Code Analysis
USBCreator D-Bus Privilege Escalation
Python Exploit Development (AutoPwn)
eWPT
OSWE
OSCP (Privilege Escalation)
https://www.youtube.com/watch?v=O5v3yzvgYjw | Yes
Altered | 10.10.11.159 | Linux | Hard | Brute Force Pin / Rate-Limit Bypass [Headers]
Type Juggling Bypassing
SQL Injection (Error Based)
SQLI to RCE -> INTO OUTFILE Query
Dirty Pipe Exploit (But with PAM-Wordle configured)
OSCP
eWPT
eWPTXv2
OSWE
https://www.youtube.com/watch?v=_8ih4aNNI4M | Yes
Shibboleth | 10.10.11.124 | Linux | Medium | Abusing IPMI (Intelligent Platform Management Interface)
Zabbix Exploitation
MariaDB Remote Code Execution (CVE-2021-27928)
eWPT
OSCP
https://www.youtube.com/watch?v=mkB1Vfw35XY | Yes
Tally | 10.10.10.59 | Windows | Hard | SharePoint Enumeration
Information Leakage
Playing with mounts (cifs, curlftpfs)
Abusing Keepass
Abusing Microsoft SQL Server (mssqlclient.py - xp_cmdshell RCE)
Abusing SeImpersonatePrivilege (JuicyPotato)
OSCP
https://www.youtube.com/watch?v=fMZCktwAD2w | Yes
Ellingson | 10.10.10.139 | Linux | Hard | Abusing Werkzeug Debugger (RCE)
Binary Exploitation
Advanced Buffer Overflow x64 - ROP / ASLR Bypass (Leaking Libc Address + Ret2libc + Setuid)
Buffer Overflow
eWPT (Intrusion)
https://www.youtube.com/watch?v=8dLPT-imMYk | Yes
Quick | 10.10.10.186 | Linux | Hard | HTTP/3 Enumeration
Recompiling curl to accept HTTP/3 requests
Information Leakage
Brute force in authentication panel
XSS Injection
Abusing Esigate (ESI Injection - RCE)
Manipulating passwords in the database
Abusing POS Print Server (File Hijacking Attack)
eWPT
eWPTXv2
OSWE
https://www.youtube.com/watch?v=C1NZVah39ms | Yes
Traverxec | 10.10.10.165 | Linux | Easy | Nostromo Exploitation
Abusing Nostromo HomeDirs Configuration
Exploiting Journalctl (Privilege Escalation)
eWPT
OSCP (Privilege Escalation)
https://www.youtube.com/watch?v=7aCplH8WZm0 | Yes
Sink | 10.10.10.225 | Linux | Insane | HTTP Request Smuggling Exploitation (Leak Admin Cookie)
Cookie Hijacking
Information Leakage
AWS Enumeration
AWS Secrets Manager
AWS Key_management Enumeration
AWS KMS Decrypting File
eWPT
eWPTXv2
OSWE
https://www.youtube.com/watch?v=2qKXz_Rk2YE | Yes
Overflow | 10.10.11.119 | Linux | Hard | Padding Oracle Attack (Padbuster)
Padding Oracle Attack (Bit Flipper Attack - BurpSuite) [EXTRA]
Cookie Hijacking
SQL Injection (Generic UNION query) [SQLI] - Error Based
Breaking Password
Upload File - Abusing Exiftool (RCE)
DNS Hijacking (Abusing Cron Job)
Ghidra Binary Analysis
Reversing Code (Computing valid PIN)
Buffer Overflow (Controlling the program and manipulating its flow to desired functions)
Abusing Decryption Function (XOR Trick) [Privilege Escalation]
OSWE
eWPT
eWPTXv2
Buffer Overflow
https://www.youtube.com/watch?v=tEbBDlOFen0 | Yes
Fighter | 10.10.10.72 | Windows | Insane | Advanced SQL Injection [SQLI] - MS SQL Server 2014 [Bypass Protection] [Python Scripting] [RCE]
Abusing Cron Jobs
Capcom Rootkit Privilege Escalation
Binary and DLL Analysis in order to get root.txt [Radare2]
eWPT
eWPTXv2
OSWE
OSCP
https://www.youtube.com/watch?v=DWF0inlo8Zw | Yes
Tabby | 10.10.10.194 | Linux | Easy | Local File Inclusion (LFI)
Abusing Tomcat Virtual Host Manager
Abusing Tomcat Text-Based Manager - Deploy Malicious War (Curl Method)
LXC Exploitation (Privilege Escalation)
eWPT
OSCP (Privilege Escalation)
eJPT (Intrusion)
https://www.youtube.com/watch?v=hKCNrXXLClQ | Yes
Backend | 10.10.11.161 | Linux | Medium | API Enumeration
Abusing API - Registering a new user
Abusing API - Logging in as the created user
Enumerating FastApi Endpoints through Docs
Abusing FastAPI - We managed to change the admin password
Abusing FastAPI - We get the ability to read files from the machine (Source Analysis)
Creating our own privileged JWT
Abusing FastAPI - We achieved remote command execution through the exec endpoint
Information Leakage (Privilege Escalation)
eWPT
OSWE
OSCP
https://www.youtube.com/watch?v=OugU0j3_COM | Yes
Hackback | 10.10.10.128 | Windows | Insane | Subdomain Enumeration
Information Leakage
Password Fuzzing
Gophish Template Log Poisoning (Limited RCE)
Internal Port Discovery
reGeorg - Accessing internal ports through a SOCKS proxy (proxychains)
Accessing the WinRM service through reGeorg and SOCKS proxy
Abusing Cron Job + SeImpersonatePrivilege Alternative Exploitation
Playing with PIPES - pipeserverimpersonate
Impersonating users and executing commands as the impersonated user
Bypassing Firewall Rules (BlockInbound/BlockOutbound)
Abusing Services
Alternate Data Streams (ADS)
eWPT
eWPTXv2
OSWE
OSCP (Privilege Escalation)
eCPTXv2
https://www.youtube.com/watch?v=UMyJt-fiBz8 | Yes
October | 10.10.10.16 | Linux | Medium | Abusing October CMS (Upload File Vulnerability)
Buffer Overflow - Bypassing ASLR + Ret2libc (x32 bits)
Buffer Overflow - Ret2libc without ASLR (x32 bits EXTRA)
eWPT (Intrusion)
Buffer Overflow
https://www.youtube.com/watch?v=3QZfUBVr-AA | Yes
Holiday | 10.10.10.25 | Linux | Hard | SQL Injection [SQLI] - Sqlite
XSS Injection - Bypassing Techniques (fromCharCode) + Own Javascript Code + Session Cookie Theft
Abusing existing parameters - RCE
NodeJS npm - Privilege Escalation
eWPT
eWPTXv2
OSWE
OSCP (Privilege Escalation)
https://www.youtube.com/watch?v=ymvb94yAefM | Yes
Blunder | 10.10.10.191 | Linux | Easy | Bludit CMS Exploitation
Bypassing IP Blocking (X-Forwarded-For Header)
Directory Traversal Image File Upload (Playing with .htaccess)
Abusing sudo privilege (CVE-2019-14287)
eWPT
OSWE
eWPTXv2
https://www.youtube.com/watch?v=C64POGPpank | Yes
Static | 10.10.10.246 | Linux | Hard | Compressed File Recomposition (Fixgz)
Abusing TOTP (Python Scripting - NTP protocol)
Playing with Static Routes
XDebug Exploitation (RCE)
Abusing PHP-FPM (RCE) [CVE-2019-11043] (PIVOTING)
Abusing Capabilities (cap_setuid + Path Hijacking | Privilege Escalation)
eWPT
eJPT (Static Routes)
eCPPTv3
eCPTXv2
OSWE
OSCP
https://www.youtube.com/watch?v=BmtLkWmJbgk | Yes
Aragog | 10.10.10.78 | Linux | Medium | XXE (XML External Entity Injection) Exploitation
Modifying a wordpress login to steal credentials (Privilege Escalation)
eWPT
OSWE (Intrusion)
https://www.youtube.com/watch?v=Q2jTs8QepFQ | Yes
Querier | 10.10.10.125 | Windows | Medium | Macro Inspection (Olevba2)
MSSQL Hash Stealing [Net-NTLMv2] (xp_dirtree)
Abusing MSSQL (xp_cmdshell)
Cached GPP Files (Privilege Escalation)
OSCP
OSEP
eCPPTv3
Active Directory
https://www.youtube.com/watch?v=hfzYnjBzW_k | Yes
Toby | 10.10.11.121 | Linux | Insane | Abusing GOGS (Project Enumeration)
Static Code Analysis (Finding a backdoor with php-malware-scanner)
Code deobfuscation
Reverse shell through backdoor
Setting up a SOCKS5 Proxy (Chisel/Proxychains)
Database Enumeration (Accessing GOGS)
Abusing API (Stealing an authentication hash in MYSQL through Wireshark)
Playing with epoch time to generate a potential list of passwords
Cracking Hashes
PIVOTING
Process Enumeration (pspy)
Abusing cron job to obtain a private key
Decrypting database passwords (AES Encryption)
Abusing PAM (Ghidra Analysis)
Getting the root password by abusing time
Advanced persistence techniques
eWPT
OSWE
eWPTXv2
eCPPTv3
eCPTXv2
https://www.youtube.com/watch?v=TLKid8-aI0E | Yes
Backdoor | 10.10.11.125 | Linux | Easy | WordPress Local File Inclusion Vulnerability (LFI)
LFI to RCE (Abusing /proc/PID/cmdline)
Gdbserver RCE Vulnerability
Abusing Screen (Privilege Escalation) [Session synchronization]
OSCP
eWPT
OSWE
eWPTXv2
https://www.youtube.com/watch?v=u5hjJ3p-XfU | Yes
Control | 10.10.10.167 | Windows | Hard | SQL Injection [SQLI] - Error Based
Advanced Bash Scripting (EXTRA)
SQLI to RCE (Into Outfile - PHP File Creation)
ConPtyShell (Fully Interactive Reverse Shell for Windows)
Playing with ScriptBlocks and PSCredential to execute commands as another user
AppLocker Bypass
WinPEAS Enumeration
Service ImagePath Hijacking (Privilege Escalation)
OSCP
OSWE
eWPT
https://www.youtube.com/watch?v=I1IDYLQeieE | Yes
Unobtainium | 10.10.10.235 | Linux | Hard | Inspecting custom application
Code Analysis
Information Leakage
Local File Inclusion (LFI)
Google CloudStorage Commands Vulnerability (Command Injection) [RCE]
Prototype Pollution Exploitation (Granting us privileges)
Kubernetes (Interacting with the API) [kubectl]
Finding containers with kubectl
PIVOTING
Abusing Prototype Pollution to jump to another container
Listing secrets with kubectl
Creating malicious Pod (Privilege Escalation) [Bad Pods]
Peirates - Kubernetes Penetration Testing Tool [EXTRA]
eWPT
eWPTXv2
OSWE
eCPPTv3
eCPTXv2
https://www.youtube.com/watch?v=zWDLDqis0Hs | Yes
Cache | 10.10.10.188 | Linux | Medium | Information Leakage (Code Inspection)
Abusing OpenEMR
Broken Access Control
Authentication Bypassing (Abusing the registration panel)
SQL Injection - Error Based [SQLI]
OpenEMR Authentication Exploit (RCE)
Abusing Docker Group (Privilege Escalation)
eWPT
OSWE
OSCP (Privilege Escalation)
https://www.youtube.com/watch?v=C0zJUGM00mc | Yes
Sense | 10.10.10.60 | Linux | Easy | Information Leakage
PFsense - Abusing RRD Graphs (RCE) [Evasion Techniques]
Python Exploit Development (AutoPwn) [EXTRA]
eWPT
eWPTXv2
OSWE
https://www.youtube.com/watch?v=mWTmXpQlgCs | Yes
Breadcrumbs | 10.10.10.228 | Windows | Hard | Local File Inclusion (LFI) [Abusing file_get_contents]
Abusing No Redirect
Forge PHPSESSID and getting valid Cookies
Forge JWT
Uploading WebShell
Obtaining system credentials through the webshell
Abusing Sticky Notes
Binary Analysis (Radare2)
SQL Injection (SQLI) [Error Based]
AES Decrypt (CyberChef)
eWPT
eWPTXv2
OSWE
OSCP
https://www.youtube.com/watch?v=R89-6VzGgFs | Yes
Search | 10.10.11.129 | Windows | Hard | Information Leakage - Password in picture (wtf?)
RPC Enumeration (rpcclient)
Ldap Enumeration (ldapdomaindump)
Bloodhound Enumeration
Kerberoasting Attack (GetUserSPNs.py)
SMB Password Spray Attack (Crackmapexec)
Unprotecting password-protected Excel (Remove Protection)
Playing with pfx certificates
Gaining access to Windows PowerShell Web Access
Abusing ReadGMSAPassword privilege
Abusing GenericAll privilege (Resetting a user's password)
Gaining access with wmiexec
OSCP
OSEP
eCPPTv3
Active Directory
https://www.youtube.com/watch?v=vTsD0TSgdGg | Yes
Ariekei | 10.10.10.65 | Linux | Insane | ImageTragick Exploitation (Specially designed '.mvg' file)
ShellShock Attack (WAF Bypassing)
Abusing Docker privilege
PIVOTING
eCPPTv3
eCPTXv2
eWPT
OSWE
https://www.youtube.com/watch?v=mjrrfNc454c | Yes
Forge | 10.10.11.111 | Linux | Medium | Bypassing URL Blacklist
Server Side Request Forgery (SSRF)
Abusing Sudoers Privilege (Abusing Python Script)
eWPT
OSWE
OSCP
https://www.youtube.com/watch?v=6JWPJ3YgDXc | Yes
SwagShop | 10.10.10.140 | Linux | Easy | Magento CMS Exploitation (Creating an admin user)
Magento - Froghopper Attack (RCE)
Abusing sudoers (Privilege Escalation)
eWPT
OSWE
OSCP
https://www.youtube.com/watch?v=7Lc9taXgLCA | Yes
BackendTwo | 10.10.11.162 | Linux | Medium | API Enumeration
Abusing API - Registering a user
Accessing the Docs path of FastAPI
Mass Assignment Attack (Becoming superusers)
Abusing API - Reading system files
Information Leakage
Forge JWT (Assigning us an extra privilege)
Abusing API - Creating a new file to achieve remote command execution (RCE)
Abusing pam_wordle (Privilege Escalation)
eWPT
eWPTXv2
OSWE
https://www.youtube.com/watch?v=JLaMxPbdvlo | Yes
MultiMaster | 10.10.10.179 | Windows | Insane | SQLI (SQL Injection) - Unicode Injection
WAF Bypassing
Advanced Python Scripting - Creation of an automation tool to handle Unicode in SQL injection
Database enumeration through the previously created utility
Cracking Passwords
Active Directory Enumeration
Enumerating domain information through SQL injection
Obtaining domain RIDs through SQL injection
Applying brute-force attack (SID = SID+RID) to obtain existing domain users [Python Scripting]
SMB Brute Force Attack (Crackmapexec)
Enumerating AD existing users (rpcclient/rpcenum)
Abusing Remote Management User group
Microsoft Visual Studio 10.0 Exploitation (User Pivoting)
Using libwebsockets in order to connect to a CEF Debugger (RCE)
AMSI Bypass - Playing with Nishang
AMSI Bypass - Bypass-4MSI Alternative (evil-winrm)
DLL Inspection - Information Leakage
BloodHound Enumeration
Abusing the GenericWrite privilege on a user
Making a user vulnerable to an ASREPRoast attack - Disabling Kerberos Pre-Authentication
Requesting the TGT of the manipulated user
Abusing Server Operators Group
Abusing an existing service by manipulating its binPATH
We change the password of the administrator user after restarting the manipulated service
OSCP
OSEP
eCPPTv3
eWPT
eWPTXv2
OSWE
Active Directory
https://www.youtube.com/watch?v=z6nmcyk1Pbo | Yes
Unicode | 10.10.11.126 | Linux | Medium | JWT Enumeration
JWT - Claim Misuse Vulnerability
JSON Web Key Generator (Playing with mkjwk)
Forge JWT
Open Redirect Vulnerability
Creating a JWT for the admin user
LFI (Local File Inclusion) - Unicode Normalization Vulnerability
Abusing Sudoers Privilege
Playing with pyinstxtractor and pycdc
Bypassing badchars and creating a new passwd archive (Privilege Escalation)
eWPT
eWPTXv2
OSWE
https://www.youtube.com/watch?v=ofz_1ncuCm4 | Yes
Postman | 10.10.10.160 | Linux | Easy | Redis Enumeration
Redis Exploitation - Write SSH Key
Webmin Exploitation - Python Scripting
We create our own exploit in Python - AutoPwn [Ruby code adaptation from Metasploit]
eWPT
eWPTXv2
OSWE
https://www.youtube.com/watch?v=PE3B3rHVTSw | Yes
Servmon | 10.10.10.184 | Windows | Easy | NVMS-1000 Exploitation - Directory Traversal
Local File Inclusion (LFI)
Local Port Forwarding - SSH
NSClient++ Exploitation - Privilege Escalation
eWPT
OSCP
https://www.youtube.com/watch?v=UOrtDZsP0aQ | Yes
Schooled | 10.10.10.234 | Linux | Medium | VHost Brute Force
Moodle Enumeration
Moodle - Stored XSS
Stealing a teacher's session cookie
Privilege escalation from teacher role into manager role to RCE [CVE-2020-14321]
Elevating our privilege to Manager in Moodle - User Impersonation
Mass Assignment Attack - Enable Full Permissions
Giving us the ability to install a plugin
Achieving remote command execution through installation of a malicious Plugin
Enumerating the database once we have gained access to the system
Cracking Hashes
Abusing sudoers privilege (pkg install package) [Privilege Escalation]
eWPT
eWPTXv2
OSWE
https://www.youtube.com/watch?v=HNHvMgQwHQM | Yes
Oz | 10.10.10.96 | Linux | Hard | SQL Injection (SQLI)
Server Side Template Injection (SSTI) (RCE)
Abusing Knockd
Network enumeration techniques using bash oneliners
PIVOTING
Portainer 1.11.1 Exploitation - Resetting the admin password
Creating a new container from Portainer (Privilege Escalation)
eWPT
eWPTXv2
OSWE
eCPPTv3
eCPTXv2
https://www.youtube.com/watch?v=nqGs42yM75c | Yes
CTF | 10.10.10.122 | Linux | Insane | LDAP Injection
LDAP Injection - Discovering valid usernames
LDAP Injection - Attribute Brute Force [Discovering valid LDAP fields]
LDAP Injection - Obtaining OTP Seed
Generating One-Time Password (OTP) [stoken]
Second Order Ldap Injection
Abusing backup - 7za Symbolic Links (Privilege Escalation)
eWPT
eWPTXv2
OSWE
https://www.youtube.com/watch?v=LWh6unoFu8I | Yes
Buff | 10.10.10.198 | Windows | Easy | Gym Management System Exploitation (RCE)
CloudMe Exploitation [Buffer Overflow] [OSCP Like] (Manual procedure) [Python Scripting]
OSCP
eCPPTv3
Buffer Overflow
https://www.youtube.com/watch?v=TytUFooC3kU | Yes
Kotarak | 10.10.10.55 | Linux | Hard | Server Side Request Forgery (SSRF) [Internal Port Discovery]
Information Leakage [Backup]
Tomcat Exploitation [Malicious WAR]
Dumping hashes [NTDS]
Wget 1.12 Vulnerability [CVE-2016-4971] [Privilege Escalation] (PIVOTING)
eWPT
eWPTXv2
OSWE
eCPPTv3
eCPTXv2
https://www.youtube.com/watch?v=q2Cv2IQUzdw | Yes
Crossfit | 10.10.10.208 | Linux | Insane | FTP SSL Certificate Enumeration
XSS Injection
Subdomain Enumeration through the Origin Header [Access-Control-Allow-Origin]
Accessing internal websites through XSS - Creating a javascript file
Registering a new user through XSS - CSRF Protection Bypass
Uploading a webshell with lftp
Cracking Hashes
Abusing Cron Job
php-shellcommand exploitation - escapeArgs option is not working properly
Injecting data into the database to achieve remote command execution (RCE) [User Pivoting]
Binary Analysis - dbmsg [GHIDRA]
Reversing
Creating an exploit - Abusing Rand [Time travel]
Abusing symbolic links
Injecting our own public key as authorized_keys in /root
eWPTXv2
OSWE
https://www.youtube.com/watch?v=sIaVrGnzRjM | Yes
CrimeStoppers | 10.10.10.80 | Linux | Hard | Local File Inclusion (LFI)
LFI - Base64 Wrapper [Reading PHP files]
LFI to RCE - ZIP Wrapper
Thunderbird - Password Extraction & Reading Messages (firefoxpwd tool)
Rootkit - apache_modrootme [GHIDRA/Radare2 Analysis] (Privilege Escalation)
eWPT
OSWE
https://www.youtube.com/watch?v=6IO3gAtP3dc | Yes
Nightmare | 10.10.10.66 | Linux | Insane | HTML Injection
XSS Injection
SQL Injection (SQLI) - Error Based
OpenSSH <= 6.6 SFTP misconfiguration universal exploit (RCE)
Script Modification
Binary Analysis [GHIDRA/Radare2]
In-depth analysis with Radare2 [Tips and tricks]
Command Injection - User Pivoting
Ubuntu Xenial Privilege Escalation - Kernel Exploitation
eWPT
OSWE
https://www.youtube.com/watch?v=nBDnCjRxmO8 | Yes
Pandora | 10.10.11.136 | Linux | Easy | SNMP Fast Enumeration
Information Leakage
Local Port Forwarding
SQL Injection - Admin Session Hijacking
PandoraFMS v7.0NG Authenticated Remote Code Execution [CVE-2019-20224]
Abusing Custom Binary - PATH Hijacking [Privilege Escalation]
OSCP
eWPT
https://www.youtube.com/watch?v=Np_zA-SOwYo | Yes
Bastard | 10.10.10.9 | Windows | Medium | Drupal Enumeration
Drupal 7.X Module Services - Remote Code Execution [SQL Injection]
Drupal Admin Cookie Hijacking
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
SA-CORE-2018-004 - 'Drupalgeddon3' Remote Code Execution
Sherlock Enumeration (Privilege Escalation)
MS15-051-KB3045171 - Kernel Exploitation [Way 1]
Abusing SeImpersonatePrivilege [Way 2]
OSCP
eWPT
https://www.youtube.com/watch?v=VHeDNq4OrqI | Yes
Safe | 10.10.10.147 | Linux | Easy | Information Leakage
Buffer Overflow [x64] [ROP Attacks using PwnTools] [NX Bypass] [ASLR Bypass]
Trying to hijack the argument to the system() function by loading our content in RDI [Way 1]
Leaking puts and libc address to make a system call with the argument loaded in RDI [Way 2] [EXTRA]
Abusing keepass to obtain the root password [Privilege Escalation]
Buffer Overflow
https://www.youtube.com/watch?v=jvoiMos46IY | Yes
RedCross | 10.10.10.113 | Linux | Medium | Subdomain Enumeration
XSS Injection - Stealing the admin user cookie
Injection RCE
Abusing Custom Binary - Binary Exploitation
Buffer Overflow [x64] [ROP Attacks using PwnTools] [NX Bypass] [ASLR Bypass] [Privilege Escalation]
eWPT
Buffer Overflow
https://www.youtube.com/watch?v=prg88ajxAPc | Yes
TartarSauce | 10.10.10.88 | Linux | Medium | RFI (Remote File Inclusion) - Abusing Wordpress Plugin [Gwolle-gb]
RFI to RCE (Creating our malicious PHP file)
Abusing Sudoers Privilege (Tar Command)
Abusing Cron Job (Privilege Escalation) [Code Analysis] [Bash Scripting]
eWPT
OSWE
OSCP
https://www.youtube.com/watch?v=nyp6eixPSMA | Yes