← Back to nixfred.com

Static Showcase

This is a preview of P3N73S7 LAB. The actual lab runs locally with Docker.

Get the Real Thing on GitHub

Requirements to Run

| NIGHTFALL |

Not just a lab - a conspiracy you'll uncover one hack at a time. Eight episodes teach real exploits while a story emerges: encrypted messages, evidence files, a missing whistleblower.

You'll learn: FTP backdoors, SSH brute forcing, WAR uploads, command injection, SQL injection, SMB exploits, and more.

Every command moves you closer to the truth.

EP1 EASY vsftpd

The Forgotten Door

Exploit the infamous vsftpd 2.3.4 backdoor to gain initial access.

EP2 EASY ssh-target

The Analyst

Brute force SSH credentials using Hydra and rockyou wordlist.

EP3 MEDIUM tomcat

The Deployment

Upload a malicious WAR file to Tomcat Manager for code execution.

EP4 MEDIUM samba

Shared Secrets

Exploit SambaCry (CVE-2017-7494) to upload and execute a shared library.

EP5 MEDIUM distcc

The Build Farm

Exploit DistCC daemon for remote code execution.

EP6 MEDIUM dvwa

Input Validation

Command injection through web forms to achieve reverse shell.

EP7 MEDIUM dvwa

The Query

SQL injection to bypass authentication and extract sensitive data.

EP8 HARD juice-shop

Storefront

Modern SQL injection against OWASP Juice Shop e-commerce platform.

FINALE

The Truth

Full story payoff and comprehensive skills review.