Linux

BoardLight: use CVE-2022-37706 and CVE-2023-30253 where it fits the service, gain a shell, and escalate to root.

Editorial: enumerate the services, turn the exposed weakness into a shell, and escalate to root.

PermX: use CVE-2023-4220 where it fits the service, gain a shell, and escalate to root.

Headless: enumerate the services, turn the exposed weakness into a shell, and escalate to root.

Trickster: use CVE-2023-47268 and CVE-2024-32651 where it fits the service, gain a shell, and escalate to root.

Sea: use CVE-2023-41425 where it fits the service, gain a shell, and escalate to root.

Caption: enumerate the services, turn the exposed weakness into a shell, and escalate to root.

Bastion: enumerate the AD surface, abuse the exposed credential or delegation path, and escalate to Administrator.

Curling: abuse the Joomla exposure for a shell, then use local enumeration to reach root.

Sightless: use CVE-2022-0944 and CVE-2024-34070 where it fits the service, gain a shell, and escalate to root.

Spooktrol: turn the exposed service into a shell, pivot through the container boundary, and escalate to root.

Writeup: use CVE-2022-41544 where it fits the service, gain a shell, and escalate to root.

Active: enumerate the AD surface, abuse the exposed credential or delegation path, and escalate to Administrator.

Codify: enumerate the AD surface, abuse the exposed credential or delegation path, and escalate to Administrator.

Paper: use CVE-2019-17671 and CVE-2021-3560 where it fits the service, gain a shell, and escalate to root.

Perfection: enumerate the services, turn the exposed weakness into a shell, and escalate to root.

Blog: abuse the WordPress foothold, stabilize the shell, and escalate through the local weakness.

DevVortex: use CVE-2023-23752 where it fits the service, gain a shell, and escalate to root.