Let’s do Oldschool Machine in this write up. As always, started with nmap to figure open ports nmap 10.0.100.1 As simple as that, only port 80 is opened, sol let’s visit it

Let’s do Drop Machine in this write up. As always, started with nmap to figure open ports nmap -A 10.0.100.2 By visiting the open port, I got this page

Let’s do Samba Machine in this write up. As always, started with nmap to figure open ports nmap -sT -A -p- -T5 10.0.101.2 * 10.0.101.2 is samba IP we got 21 open and running ProFTPD 1.3.5! ProFTPD 1.3.5 is vulnerable, it has mod_copy module which allows remote attackers to read…

And I back with a new beautiful platform. Let’s do Twig Machine in this write up. As always, started by nmap nmap -sT -sT -A -p- -T5 10.0.101.1 We only got one opened port! let’s explore that and dig into it

Level 2 Challenge: Message: I have been informed that you have quite admirable hacking skills. Well, this racist hate group is using their website to organize a mass gathering of ignorant racist bastards. We cannot allow such bigoted aggression to happen. If you can gain access to their administrator page and post messages to their main page, we would be eternally grateful. Solution: nothing is attracted in the page, so I went to the source code and found update.php and it was a login page

Level 1 Challenge: Message: Hey man, I need a big favour from you. Remember that website I showed you once before? Uncle Arnold’s Band Review Page? Well, a long time ago I made a $500 bet with a friend that my band would be at the top of the list…

Level 11 Challenge: Sam decided to make a music site. Unfortunately he does not understand Apache. This mission is a bit harder than the other basics. Solution: Started by using dirb By visiting index.php, an input field is there! visiting the rest of the directories, I got a good start on /e directory I got 1,t,o and the last one was n, I accessed all of these and there was not any protection!

Level 10 Challenge: Enter password Please enter a password to gain access to level 10 Solution: All what you have to do is that capture the request and you will notice that “authorization = no” change it to “yes” and you will be authorized!

Flag is restricted to logged users only , can you be one of them. By visiting the website, I got this! So this is a hint that we have to deal with cookies, I visited the source code and I got this great information