This repository contains a curated list of machines, notes, and resources targeting the eCPPT, OSCP and CPTS exams.
The following machines are categorized by the specific skill sets required for the eCPPT exam.
Focus: Enumeration, Brute-force, Shells, Old School Exploits.
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Kioptrix Level 1 | Beg | SMB, Apache, mod_ssl | Free | Download |
| Kioptrix Level 1.1 | Beg | SQL Injection, RCE | Free | Download |
| Kioptrix Level 1.2 | Beg | LotusCMS | Free | Download |
| Kioptrix Level 1.3 | Beg | SQLi, Restricted Shell | Free | Download |
| Kioptrix 2014 | Int | Web Exploits | Free | Download |
| Stapler 1 | Int | SMB Enum, Password Spraying | Free | Download |
| SickOs 1.1 | Int | Squid Proxy, Shellshock | Free | Download |
| SickOs 1.2 | Int | PUT Method, Cron Jobs | Free | Download |
| Basic Pentesting 1 | Beg | Web to Root | Free | Download |
| Tr0ll 1 | Int | FTP, Binary Analysis | Free | Download |
| Tr0ll 2 | Hard | Deep Rabbit Holes | Free | Download |
| LazySysAdmin 1 | Beg | Info Disclosure | Free | Download |
| Bulldog 1 | Int | Django, Hidden Files | Free | Download |
| RickdiculouslyEasy 1 | Beg | Multiple Paths | Free | Download |
| SkyTower 1 | Int | SSH Tunneling | Free | Download |
| VulnOS 2 | Int | General Pentest | Free | Download |
| HackLAB: Vulnix | Int | General Pentest | Free | Download |
| pWnOS 2.0 | Int | Old School | Free | Download |
| Prime 1 | Int | General Pentest | Free | Download |
| NullByte | Int | General Pentest | Free | Download |
TryHackMe Labs (Initial Access)
| Room Name | Focus | Cost | Link |
|---|---|---|---|
| Nmap Live Host Discovery | Network Scanning | Free | THM Link |
| Hydra | Brute-forcing | Free | THM Link |
| Blue | EternalBlue (MS17-010) | Free | THM Link |
| Vulnversity | Upload Vulnerabilities | Free | THM Link |
| Bounty Hacker | FTP/SSH Attacks | Free | THM Link |
HackMyVM Labs (Initial Access)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Gift | Easy | Basic Enumeration | Free | HMV Link |
| Friendly | Easy | FTP/SSH | Free | HMV Link |
| EasyPeasy | Easy | Web/Shells | Free | HMV Link |
| Unbaked Pie | Medium | Docker/Pivoting | Free | HMV Link |
HackingHub Labs (Initial Access)
| Mission Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Mission 1 | Easy | Basic Recon | Free | Start Mission |
| Mission 2 | Medium | Foothold | Free | Start Mission |
HackTheBox Labs (Initial Access)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Lame | Easy | Enumeration/Samba | VIP | HTB Link |
| Beep | Easy | Web/Asterisk | VIP | HTB Link |
| Cronos | Medium | DNS/Web | VIP | HTB Link |
Focus: SQLi, XSS, LFI, RCE, Manual Exploitation.
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Mr-Robot 1 | Int | Wordpress, Keys, Decoding | Free | Download |
| PwnLab: init | Int | LFI, PHP Filters, Cmd Inj | Free | Download |
| WebSploit2018 | Int | Vulnerable Apps Collection | Free | Download |
| Billu: b0x | Int | SQLi, RCE, LFI | Free | Download |
| FristiLeaks 1.3 | Int | LFI to Shell, PrivEsc | Free | Download |
| VulnCMS 1 | Beg | CMS Enumeration | Free | Download |
| Pinkys Palace v1 | Hard | SQLi, Dictionary Attacks | Free | Download |
| Pinkys Palace v2 | Hard | Proxy Tunneling, SQLi | Free | Download |
| Hacksudo: Thor | Int | CGI-bin, Shellshock | Free | Download |
| Deathnote 1 | Int | LFI, RCE, Upload | Free | Download |
| Breach 1.0 | Int | Traffic Analysis, SSL | Free | Download |
| Breach 2.1 | Int | Traffic Analysis | Free | Download |
| Raven 1 | Int | Wordpress, PHPMailer | Free | Download |
| Raven 2 | Int | PHPMailer RCE | Free | Download |
| DC-9 | Int | SQLi Search, LFI | Free | Download |
| DevGuru 1 | Int | Web Focus | Free | Download |
| Photographer 1 | Beg | Web/SMB | Free | Download |
| W34kn3ss 1 | Int | Web/PrivEsc | Free | Download |
| GoldenEye 1 | Hard | POP3, Compilation | Free | Download |
| LemonSqueezy | Int | Web | Free | Download |
TryHackMe Labs (Web App)
| Room Name | Focus | Cost | Link |
|---|---|---|---|
| OWASP Top 10 | Critical Web Vulns | Free | THM Link |
| SQL Injection Lab | Manual/Automated SQLi | Free | THM Link |
| Burp Suite Basics | Proxy Interception | Paid | THM Link |
| OWASP Juice Shop | Modern Web Exploitation | Free | THM Link |
| File Inclusion | LFI/RFI/Path Traversal | Paid | THM Link |
HackMyVM Labs (Web App)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Registry | Medium | Docker Registry/Web | Free | HMV Link |
| Base | Easy | Basic Web | Free | HMV Link |
| Site | Medium | Web Exploitation | Free | HMV Link |
| Panel | Easy | Admin Panel Bypass | Free | HMV Link |
PortSwigger Academy Labs (Web App)
| Topic | Focus | Cost | Link |
|---|---|---|---|
| SQL Injection (All Labs) | Manual SQLi Mastery | Free | Start Lab |
| Cross-Site Scripting (XSS) | Reflected, Stored, DOM | Free | Start Lab |
| Cross-Site Request Forgery | CSRF Token Bypass | Free | Start Lab |
| XML External Entity (XXE) | Injection & Retrieval | Free | Start Lab |
| Server-Side Request Forgery | SSRF & Cloud Metadata | Free | Start Lab |
| Command Injection | OS Command Execution | Free | Start Lab |
| Directory Traversal | File Path Traversal | Free | Start Lab |
| Authentication & Logic | Bypassing Controls | Free | Start Lab |
HackingHub Labs (Web App)
| Mission Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Hands-On Web Exploitation Course | Advanced | Various Web Vulns | Paid | Course Link |
| Nuclei Masterclass | Advanced | Vulnerability Scanning | Paid | Course Link |
| Blind XSS Masterclass | Advanced | XSS | Paid | Course Link |
| Web App Mission 1 | Easy | Common Web Vulns | Free | Start Mission |
| Web App Mission 2 | Medium | Advanced Web Vulns | Free | Start Mission |
HackTheBox Labs (Web App)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Horizontall | Easy | Strapi CMS | VIP | HTB Link |
| Pressed | Hard | WordPress/XML-RPC | VIP | HTB Link |
Focus: Recon, Lateral Movement, Tunneling. (Requires Lab Setup)
| Machine Name | Setup | Cost | Link |
|---|---|---|---|
| WinterMute 1 | Best for Pivoting. Dual-VM lab. | Free | Download |
| myHouse7 | Docker/Subnet pivoting. | Free | Download |
| Wpwn 1 | Dual NICs designed for pivoting. | Free | Download |
| Symfonos Series | Good for internal service chains. | Free | Download |
| Metasploitable 3 | Setup as dual-homed target. | Free | GitHub |
TryHackMe Labs (Pivoting)
| Room Name | Focus | Cost | Link |
|---|---|---|---|
| Wreath | Full Pivoting Network (Must Do) | Free* | THM Link |
| Pivoting | Proxychains, sshuttle, Chisel | Paid | THM Link |
| Lateral Movement | Moving through Windows | Paid | THM Link |
HackMyVM Labs (Pivoting)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| WinterMute | Hard | (Clone of VulnHub Lab) | Free | HMV Link |
| Unbaked Pie | Medium | Docker Pivoting | Free | HMV Link |
| Machine | Hard | Internal Network | Free | HMV Link |
HackTheBox Labs (Pivoting)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Reddish | Insane | Chisel/Socat Pivoting | VIP | HTB Link |
| Vault | Medium | SSH Tunneling | VIP | HTB Link |
Focus: Stack Buffer Overflow.
| Machine Name | Focus | Cost | Link |
|---|---|---|---|
| Brainpan 1 | The King of BoF. Do this until you dream in hex. | Free | Download |
| Brainpan 2 | Advanced Binary Exploitation. | Free | Download |
| Stack Overflows for Beginners | Linear progression BoF. | Free | Download |
| Smasher | Web to Buffer Overflow. | Free | Download |
| Buffer Overflow Prep | Tib3rius Room (TryHackMe). | Free | THM Link |
| Gatekeeper | BoF Practice. | Free | THM Link |
| Intro To Pwntools | Scripting Exploits. | Free | THM Link |
TryHackMe Labs (Exploit Dev)
| Room Name | Focus | Cost | Link |
|---|---|---|---|
| Buffer Overflow Prep | OSCP Style Stack Overflow | Free | THM Link |
| Gatekeeper | Binary Exploitation | Free | THM Link |
| Brainpan | THM Port of VulnHub Machine | Free | THM Link |
| Sudo Buffer Overflow | CVE-2019-18634 | Free | THM Link |
HackMyVM Labs (Exploit Dev)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Buffer | Medium | Stack Overflow | Free | HMV Link |
| Overflow | Medium | Binary Exploitation | Free | HMV Link |
| Brainpan | Hard | (Clone/Similar) | Free | HMV Link |
HackTheBox Labs (Exploit Dev)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| October | Medium | Buffer Overflow (ASLR/NX) | VIP | HTB Link |
| Overflow | Hard | Buffer Overflow | VIP | HTB Link |
Focus: Linux PrivEsc, Cron jobs, SUID, Kernel exploits.
| Machine Name | Focus | Cost | Link |
|---|---|---|---|
| Lin.Security | Dedicated PrivEsc Practice. | Free | Download |
| Escalate_Linux 1 | 12+ Methods of Escalation. | Free | Download |
| DC-1 | SUID Abuse. | Free | Download |
| DC-2 | Restricted Shell. | Free | Download |
| DC-3 | Kernel Exploit. | Free | Download |
| DC-4 | Sudo Abuse. | Free | Download |
| DC-5 | Screen Exploit. | Free | Download |
| DC-6 | Script Abuse. | Free | Download |
| Tommy Boy 1 | Sudo Abuse. | Free | Download |
| Temple of Doom | Node.js / Serialization. | Free | Download |
TryHackMe Labs (PrivEsc)
| Room Name | Focus | Cost | Link |
|---|---|---|---|
| Linux PrivEsc | Full Linux Escalation Course | Paid | THM Link |
| Windows PrivEsc | Full Windows Escalation Course | Paid | THM Link |
| PrivEsc Arena | Multi-vector Practice | Paid | THM Link |
| Post-Exploitation Basics | Mimikatz, Bloodhound, Powerview | Paid | THM Link |
HackMyVM Labs (PrivEsc)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| PrivEsc | Medium | Multi-vector Escalation | Free | HMV Link |
| Escalate | Medium | SUID/Sudo Abuse | Free | HMV Link |
| Toxin | Medium | Kernel Exploits | Free | HMV Link |
HackingHub Labs (PrivEsc)
| Mission Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Linux for Hackers Course | Intermediate | Linux Skills | Paid | Course Link |
| PrivEsc Mission | Medium | Linux PrivEsc | Free | Start Mission |
HackTheBox Labs (PrivEsc)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Jeeves | Medium | Windows/RottenPotato | VIP | HTB Link |
| Return | Easy | Windows/Server Operators | VIP | HTB Link |
Focus: Kerberoasting, AS-REP, Domain Dominance.
WARNING: VulnHub is weak for AD. Use these resources instead.
| Resource Name | Type | Cost | Link |
|---|---|---|---|
| GOAD | Full Lab | Free | GitHub |
| VulnLab | Cloud Lab | Paid | Website |
| Metasploitable 3 | Local Lab | Free | GitHub |
| HTB ProLabs | Cloud Lab | Paid | Website |
| Dante | Pro Lab | Paid | HTB Link |
| RastaLabs | Pro Lab | Paid | HTB Link |
| Offshore | Pro Lab | Paid | HTB Link |
| Zephyr | Pro Lab | Paid | HTB Link |
TryHackMe Labs (Active Directory)
| Room Name | Focus | Cost | Link |
|---|---|---|---|
| Active Directory Basics | AD Fundamentals | Free | THM Link |
| Attacktive Directory | Kerberos, Impacket, Domain Admin | Free | THM Link |
| Breaching Active Directory | Initial Access in AD | Free | THM Link |
| Lateral Movement in AD | Spreading through the Domain | Paid | THM Link |
| Post-Exploitation Basics | Persistence & Looting | Paid | THM Link |
HackMyVM Labs (Active Directory)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| AD | Hard | Basic AD Chain | Free | HMV Link |
| Domain | Hard | Kerberos Attacks | Free | HMV Link |
| Controller | Insane | Full Forest Compromise | Free | HMV Link |
HackingHub Labs (Active Directory)
| Mission Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| AD Mission | Hard | AD Exploitation | Free | Start Mission |
| AD Course | Advanced | Full AD Compromise | Paid | Course Link |
HackTheBox Labs (Active Directory)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Active | Easy | Kerberoasting/GPP | VIP | HTB Link |
| Blackfield | Hard | Forensics/AD | VIP | HTB Link |
| Sauna | Easy | AD Enumeration | VIP | HTB Link |
| Monteverde | Medium | Azure AD Traits | VIP | HTB Link |
| Sizzle | Hard | Deep AD | VIP | HTB Link |
Focus: Enumeration, Brute-force, Shells, Old School Exploits.
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Kioptrix Level 1 | Beg | SMB, Apache, mod_ssl | Free | Download |
| Kioptrix Level 1.1 | Beg | SQL Injection, RCE | Free | Download |
| Kioptrix Level 1.2 | Beg | LotusCMS | Free | Download |
| Kioptrix Level 1.3 | Beg | SQLi, Restricted Shell | Free | Download |
| Kioptrix 2014 | Int | Web Exploits | Free | Download |
| Stapler 1 | Int | SMB Enum, Password Spraying | Free | Download |
| SickOs 1.1 | Int | Squid Proxy, Shellshock | Free | Download |
| SickOs 1.2 | Int | PUT Method, Cron Jobs | Free | Download |
| Basic Pentesting 1 | Beg | Web to Root | Free | Download |
| Tr0ll 1 | Int | FTP, Binary Analysis | Free | Download |
| Tr0ll 2 | Hard | Deep Rabbit Holes | Free | Download |
| LazySysAdmin 1 | Beg | Info Disclosure | Free | Download |
| Bulldog 1 | Int | Django, Hidden Files | Free | Download |
| RickdiculouslyEasy 1 | Beg | Multiple Paths | Free | Download |
| SkyTower 1 | Int | SSH Tunneling | Free | Download |
| VulnOS 2 | Int | General Pentest | Free | Download |
| HackLAB: Vulnix | Int | General Pentest | Free | Download |
| pWnOS 2.0 | Int | Old School | Free | Download |
| Prime 1 | Int | General Pentest | Free | Download |
| NullByte | Int | General Pentest | Free | Download |
TryHackMe Labs (Initial Access)
| Room Name | Focus | Cost | Link |
|---|---|---|---|
| Nmap Live Host Discovery | Network Scanning | Free | THM Link |
| Hydra | Brute-forcing | Free | THM Link |
| Blue | EternalBlue (MS17-010) | Free | THM Link |
| Vulnversity | Upload Vulnerabilities | Free | THM Link |
| Bounty Hacker | FTP/SSH Attacks | Free | THM Link |
HackMyVM Labs (Initial Access)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Gift | Easy | Basic Enumeration | Free | HMV Link |
| Friendly | Easy | FTP/SSH | Free | HMV Link |
| EasyPeasy | Easy | Web/Shells | Free | HMV Link |
| Unbaked Pie | Medium | Docker/Pivoting | Free | HMV Link |
HackingHub Labs (Initial Access)
| Mission Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Mission 1 | Easy | Basic Recon | Free | Start Mission |
| Mission 2 | Medium | Foothold | Free | Start Mission |
HackTheBox Labs (Initial Access)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Lame | Easy | Enumeration/Samba | VIP | HTB Link |
| Beep | Easy | Web/Asterisk | VIP | HTB Link |
| Cronos | Medium | DNS/Web | VIP | HTB Link |
Focus: SQLi, XSS, LFI, RCE, Manual Exploitation.
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Mr-Robot 1 | Int | Wordpress, Keys, Decoding | Free | Download |
| PwnLab: init | Int | LFI, PHP Filters, Cmd Inj | Free | Download |
| WebSploit2018 | Int | Vulnerable Apps Collection | Free | Download |
| Billu: b0x | Int | SQLi, RCE, LFI | Free | Download |
| FristiLeaks 1.3 | Int | LFI to Shell, PrivEsc | Free | Download |
| VulnCMS 1 | Beg | CMS Enumeration | Free | Download |
| Pinkys Palace v1 | Hard | SQLi, Dictionary Attacks | Free | Download |
| Pinkys Palace v2 | Hard | Proxy Tunneling, SQLi | Free | Download |
| Hacksudo: Thor | Int | CGI-bin, Shellshock | Free | Download |
| Deathnote 1 | Int | LFI, RCE, Upload | Free | Download |
| Breach 1.0 | Int | Traffic Analysis, SSL | Free | Download |
| Breach 2.1 | Int | Traffic Analysis | Free | Download |
| Raven 1 | Int | Wordpress, PHPMailer | Free | Download |
| Raven 2 | Int | PHPMailer RCE | Free | Download |
| DC-9 | Int | SQLi Search, LFI | Free | Download |
| DevGuru 1 | Int | Web Focus | Free | Download |
| Photographer 1 | Beg | Web/SMB | Free | Download |
| W34kn3ss 1 | Int | Web/PrivEsc | Free | Download |
| GoldenEye 1 | Hard | POP3, Compilation | Free | Download |
| LemonSqueezy | Int | Web | Free | Download |
TryHackMe Labs (Web App)
| Room Name | Focus | Cost | Link |
|---|---|---|---|
| OWASP Top 10 | Critical Web Vulns | Free | THM Link |
| SQL Injection Lab | Manual/Automated SQLi | Free | THM Link |
| Burp Suite Basics | Proxy Interception | Paid | THM Link |
| OWASP Juice Shop | Modern Web Exploitation | Free | THM Link |
| File Inclusion | LFI/RFI/Path Traversal | Paid | THM Link |
HackMyVM Labs (Web App)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Registry | Medium | Docker Registry/Web | Free | HMV Link |
| Base | Easy | Basic Web | Free | HMV Link |
| Site | Medium | Web Exploitation | Free | HMV Link |
| Panel | Easy | Admin Panel Bypass | Free | HMV Link |
PortSwigger Academy Labs (Web App)
| Topic | Focus | Cost | Link |
|---|---|---|---|
| SQL Injection (All Labs) | Manual SQLi Mastery | Free | Start Lab |
| Cross-Site Scripting (XSS) | Reflected, Stored, DOM | Free | Start Lab |
| Cross-Site Request Forgery | CSRF Token Bypass | Free | Start Lab |
| XML External Entity (XXE) | Injection & Retrieval | Free | Start Lab |
| Server-Side Request Forgery | SSRF & Cloud Metadata | Free | Start Lab |
| Command Injection | OS Command Execution | Free | Start Lab |
| Directory Traversal | File Path Traversal | Free | Start Lab |
| Authentication & Logic | Bypassing Controls | Free | Start Lab |
HackingHub Labs (Web App)
| Mission Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Hands-On Web Exploitation Course | Advanced | Various Web Vulns | Paid | Course Link |
| Nuclei Masterclass | Advanced | Vulnerability Scanning | Paid | Course Link |
| Blind XSS Masterclass | Advanced | XSS | Paid | Course Link |
| Web App Mission 1 | Easy | Common Web Vulns | Free | Start Mission |
| Web App Mission 2 | Medium | Advanced Web Vulns | Free | Start Mission |
HackTheBox Labs (Web App)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Horizontall | Easy | Strapi CMS | VIP | HTB Link |
| Pressed | Hard | WordPress/XML-RPC | VIP | HTB Link |
Focus: Recon, Lateral Movement, Tunneling. (Requires Lab Setup)
| Machine Name | Setup | Cost | Link |
|---|---|---|---|
| WinterMute 1 | Best for Pivoting. Dual-VM lab. | Free | Download |
| myHouse7 | Docker/Subnet pivoting. | Free | Download |
| Wpwn 1 | Dual NICs designed for pivoting. | Free | Download |
| Symfonos Series | Good for internal service chains. | Free | Download |
| Metasploitable 3 | Setup as dual-homed target. | Free | GitHub |
TryHackMe Labs (Pivoting)
| Room Name | Focus | Cost | Link |
|---|---|---|---|
| Wreath | Full Pivoting Network (Must Do) | Free* | THM Link |
| Pivoting | Proxychains, sshuttle, Chisel | Paid | THM Link |
| Lateral Movement | Moving through Windows | Paid | THM Link |
HackMyVM Labs (Pivoting)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| WinterMute | Hard | (Clone of VulnHub Lab) | Free | HMV Link |
| Unbaked Pie | Medium | Docker Pivoting | Free | HMV Link |
| Machine | Hard | Internal Network | Free | HMV Link |
HackTheBox Labs (Pivoting)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Reddish | Insane | Chisel/Socat Pivoting | VIP | HTB Link |
| Vault | Medium | SSH Tunneling | VIP | HTB Link |
Focus: Stack Buffer Overflow.
| Machine Name | Focus | Cost | Link |
|---|---|---|---|
| Brainpan 1 | The King of BoF. Do this until you dream in hex. | Free | Download |
| Brainpan 2 | Advanced Binary Exploitation. | Free | Download |
| Stack Overflows for Beginners | Linear progression BoF. | Free | Download |
| Smasher | Web to Buffer Overflow. | Free | Download |
| Buffer Overflow Prep | Tib3rius Room (TryHackMe). | Free | THM Link |
| Gatekeeper | BoF Practice. | Free | THM Link |
| Intro To Pwntools | Scripting Exploits. | Free | THM Link |
TryHackMe Labs (Exploit Dev)
| Room Name | Focus | Cost | Link |
|---|---|---|---|
| Buffer Overflow Prep | OSCP Style Stack Overflow | Free | THM Link |
| Gatekeeper | Binary Exploitation | Free | THM Link |
| Brainpan | THM Port of VulnHub Machine | Free | THM Link |
| Sudo Buffer Overflow | CVE-2019-18634 | Free | THM Link |
HackMyVM Labs (Exploit Dev)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Buffer | Medium | Stack Overflow | Free | HMV Link |
| Overflow | Medium | Binary Exploitation | Free | HMV Link |
| Brainpan | Hard | (Clone/Similar) | Free | HMV Link |
HackTheBox Labs (Exploit Dev)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| October | Medium | Buffer Overflow (ASLR/NX) | VIP | HTB Link |
| Overflow | Hard | Buffer Overflow | VIP | HTB Link |
Focus: Linux PrivEsc, Cron jobs, SUID, Kernel exploits.
| Machine Name | Focus | Cost | Link |
|---|---|---|---|
| Lin.Security | Dedicated PrivEsc Practice. | Free | Download |
| Escalate_Linux 1 | 12+ Methods of Escalation. | Free | Download |
| DC-1 | SUID Abuse. | Free | Download |
| DC-2 | Restricted Shell. | Free | Download |
| DC-3 | Kernel Exploit. | Free | Download |
| DC-4 | Sudo Abuse. | Free | Download |
| DC-5 | Screen Exploit. | Free | Download |
| DC-6 | Script Abuse. | Free | Download |
| Tommy Boy 1 | Sudo Abuse. | Free | Download |
| Temple of Doom | Node.js / Serialization. | Free | Download |
TryHackMe Labs (PrivEsc)
| Room Name | Focus | Cost | Link |
|---|---|---|---|
| Linux PrivEsc | Full Linux Escalation Course | Paid | THM Link |
| Windows PrivEsc | Full Windows Escalation Course | Paid | THM Link |
| PrivEsc Arena | Multi-vector Practice | Paid | THM Link |
| Post-Exploitation Basics | Mimikatz, Bloodhound, Powerview | Paid | THM Link |
HackMyVM Labs (PrivEsc)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| PrivEsc | Medium | Multi-vector Escalation | Free | HMV Link |
| Escalate | Medium | SUID/Sudo Abuse | Free | HMV Link |
| Toxin | Medium | Kernel Exploits | Free | HMV Link |
HackingHub Labs (PrivEsc)
| Mission Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Linux for Hackers Course | Intermediate | Linux Skills | Paid | Course Link |
| PrivEsc Mission | Medium | Linux PrivEsc | Free | Start Mission |
HackTheBox Labs (PrivEsc)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Jeeves | Medium | Windows/RottenPotato | VIP | HTB Link |
| Return | Easy | Windows/Server Operators | VIP | HTB Link |
Focus: Kerberoasting, AS-REP, Domain Dominance.
WARNING: VulnHub is weak for AD. Use these resources instead.
| Resource Name | Type | Cost | Link |
|---|---|---|---|
| GOAD | Full Lab | Free | GitHub |
| VulnLab | Cloud Lab | Paid | Website |
| Metasploitable 3 | Local Lab | Free | GitHub |
| HTB ProLabs | Cloud Lab | Paid | Website |
| Dante | Pro Lab | Paid | HTB Link |
| RastaLabs | Pro Lab | Paid | HTB Link |
| Offshore | Pro Lab | Paid | HTB Link |
| Zephyr | Pro Lab | Paid | HTB Link |
TryHackMe Labs (Active Directory)
| Room Name | Focus | Cost | Link |
|---|---|---|---|
| Active Directory Basics | AD Fundamentals | Free | THM Link |
| Attacktive Directory | Kerberos, Impacket, Domain Admin | Free | THM Link |
| Breaching Active Directory | Initial Access in AD | Free | THM Link |
| Lateral Movement in AD | Spreading through the Domain | Paid | THM Link |
| Post-Exploitation Basics | Persistence & Looting | Paid | THM Link |
HackMyVM Labs (Active Directory)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| AD | Hard | Basic AD Chain | Free | HMV Link |
| Domain | Hard | Kerberos Attacks | Free | HMV Link |
| Controller | Insane | Full Forest Compromise | Free | HMV Link |
HackingHub Labs (Active Directory)
| Mission Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| AD Mission | Hard | AD Exploitation | Free | Start Mission |
| AD Course | Advanced | Full AD Compromise | Paid | Course Link |
HackTheBox Labs (Active Directory)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Active | Easy | Kerberoasting/GPP | VIP | HTB Link |
| Blackfield | Hard | Forensics/AD | VIP | HTB Link |
| Sauna | Easy | AD Enumeration | VIP | HTB Link |
| Monteverde | Medium | Azure AD Traits | VIP | HTB Link |
| Sizzle | Hard | Deep AD | VIP | HTB Link |
TryHackMe Labs (Malware Analysis)
| Room Name | Focus | Cost | Link |
|---|---|---|---|
| History of Malware | Intro to Malware | Free | THM Link |
| MAL: Malware Introductory | Basic Concepts | Free | THM Link |
| Basic Malware RE | Reversing Fundamentals | Free | THM Link |
| MAL: Researching | Analysis & Research | Free | THM Link |
| Mobile Malware Analysis | Android/iOS Malware | Free | THM Link |
| Carnage | C2 Simulation | Free | THM Link |
| Dunkle Materie | Packed Malware | Free | THM Link |
TryHackMe Labs (Reverse Engineering)
| Room Name | Focus | Cost | Link |
|---|---|---|---|
| Intro to x86-64 | Assembly Basics | Free | THM Link |
| Windows x64 Assembly | Windows Assembly | Free | THM Link |
| Reverse Engineering | RE Fundamentals | Free | THM Link |
| Reversing ELF | Linux ELF Binaries | Free | THM Link |
| JVM Reverse Engineering | Java Bytecode | Free | THM Link |
| CC: Radare2 | Radare2 Tool | Free | THM Link |
| CC: Ghidra | Ghidra Tool | Free | THM Link |
| Aster | Decompiling Python | Free | THM Link |
| Classic Passwd | Binary Reversing | Free | THM Link |
| REloaded | Various Challenges | Free | THM Link |
VulnHub Labs (Hard CTF)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Empire: Breakout | Hard | Adv. PrivEsc | Free | Download |
| doubletrouble: 1 | Hard | Misconfigs/PrivEsc | Free | Download |
| Vikings: 1 | Hard | Lateral Movement | Free | Download |
| Hacksudo: FOG | Hard | Web/Linux PrivEsc | Free | Download |
| Hacksudo: Thor | Hard | Unique PrivEsc | Free | Download |
| Metasploitable 3 | Hard | Windows Exploit | Free | GitHub |
| SickOS 1.2 | Hard | Masterful Exploitation | Free | Download |
| Tr0ll 2 | Hard | Deep Exploitation | Free | Download |
| Temple of Doom | Hard | Obscure Puzzles | Free | Download |
HackMyVM Labs (Hard CTF)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| Insane | Insane | Complex Challenges | Free | HMV Link |
| Hard | Hard | Advanced Exploits | Free | HMV Link |
TryHackMe Labs (Hard CTF)
| Room Name | Focus | Cost | Link |
|---|---|---|---|
| Motunui | Boot2Root | Free | THM Link |
| Spring | Web App Hacking | Paid | THM Link |
| Brainpan 1 | Buffer Overflow | Paid | THM Link |
| Borderlands | Boot2Root | Free | THM Link |
| Daily Bugle | CMS Exploitation | Paid | THM Link |
| Retro | Boot2Root | Free | THM Link |
| Jeff | Boot2Root | Paid | THM Link |
| Iron Corp | Web/Linux Exploit | Paid | THM Link |
| Ra | AD/Internal Network | Paid | THM Link |
| Internal | Pivoting/AD | Paid | THM Link |
| Squid Game | Malware/RE | Paid | THM Link |
| VulnNet: dotjar | Java Deserialization | Paid | THM Link |
HackTheBox Labs (Hard CTF)
| Machine Name | Difficulty | Focus | Cost | Link |
|---|---|---|---|---|
| All Hard Machines | Hard | Various | VIP | HTB Link |
| All Insane Machines | Insane | Various | VIP | HTB Link |
This project is licensed under the MIT License.
You are free to use, modify, and distribute this toolkit for personal or commercial purposes, provided that the original copyright notice and this permission notice are included in all copies or substantial portions of the software.
See the full license text in the MIT License.