January 2026

This machine has a webs server that has unauthenticated access with an IDOR (Insecure Direct Object Reference) vulnerability. By changing the number at the end of the URL, you can find a PCAP file with cleartext FTP traffic containing credentials. These credentials work for ssh and can be used to Read more

I began this lab by running Nmap to identify open TCP and UDP ports on the target system. During the scan, I noticed that UDP port 500 was open, which immediately suggested the presence of an IPsec/IKE VPN service. Given the open UDP 500 port, I decided to enumerate the Read more