Blocky is a simple, real-world–based machine highlighting weak passwords and exposed internal files on public systems. It also shows Minecraft as a large attack surface, with many public servers run by inexperienced administrators.
Celestial is a medium difficulty machine which focuses on deserialization exploits. It is not the most realistic, however it provides a practical example of abusing client-size serialized objects in NodeJS framework.
Popcorn, while not overly complicated, contains quite a bit of content and it can be difficult for some users to locate the proper attack vector at first. This machine mainly focuses on different methods of web exploitation.
Legacy is a fairly straightforward beginner-level machine which demonstrates the potential security risks of SMB on Windows. Only one publicly available exploit is required to obtain administrator access.
Lame is a beginner level machine, requiring only one exploit to obtain root access. In this post, we will exploit the vulnerability manually as well as with the help of Metasploit.
