Optimum
Easy Windows machine exploiting HttpFileServer 2.3 RCE for initial shell and unpatched kernel vulnerability for PrivEsc.
Toolbox
Easy Windows box with SQL injection in a Docker Toolbox‑hosted app, leading to container escape and host PrivEsc.
Jerry
Easy Windows box using default Tomcat Manager credentials to deploy a WAR reverse shell and gain SYSTEM.
Legacy
Easy Windows XP machine vulnerable to MS08‑067 EternalBlue SMB exploit for root.
Netmon
Easy Windows box with anonymous FTP to steal PRTG config, then RCE via PRTG Network Monitor.
Sauna
Easy Active Directory Windows box using AS-REP Roasting and Kerberoasting to escalate to SYSTEM.