Capture the Flag

Walkthroughs

This is a collection of a few walkthroughs that I have published. The machines are organized by OS and difficulty. I will be adding to this collection over time, but if you would like to contribute or suggest a walkthrough, feel free to reach out on LinkedIn.

OSCP Practice Machine Tracker

An essential, curated list of machines to practice for the OSCP—use it to plan your progression, track coverage, and focus on the most relevant targets.

Open curated list →

Linux Machines

Easy

Nibbles (Hack The Box)

NibbleBlog enumeration, upload exploit, and sudo abuse.

Open walkthrough →

Bashed (Hack The Box)

Web shell discovery, sudo pivot, and cron job escalation.

Open walkthrough →

Medium

Nineveh (Hack The Box)

Multi-app enumeration, phpLiteAdmin abuse, and privesc.

Open walkthrough →

Hard

Intentions (Hack The Box)

Second-order SQLi, Imagick abuse, and capability-based escalation.

Open walkthrough →

Windows Machines

Easy

Mailing (Hack The Box)

hMailServer LFI, Outlook hash capture, and LibreOffice RCE.

Open walkthrough →

Servmon (Hack The Box)

Service enumeration, credential harvesting, and escalation.

Open walkthrough →

Support (Hack The Box)

AD enumeration, credential abuse, and Windows privesc.

Open walkthrough →

Medium

StreamIO (Hack The Box)

Web enumeration, data extraction, and Windows escalation.

Open walkthrough →