| Ariekei | Shellshock (CVE-2014-6271) · Port Forwarding / Pivoting | 3 |
| Brainfuck | WordPress Exploitation · Information Leakage | 4 |
| CrossFit | Subdomain Enumeration · Cracking Hashes (hashcat / John) · Port Forwarding / Pivoting · CSRF (Cross-Site Request Forgery) · Remote Code Execution (RCE) · Cross-Site Scripting (XSS) | 3 |
| CTF | Brute Force / Rate-Limit Bypass · Remote Code Execution (RCE) | 4 |
| Fortune | OS Command Injection | 3 |
| Fulcrum | Remote File Inclusion (RFI) · XML External Entity · Information Leakage · Active Directory · Brute Force / Rate-Limit Bypass · Port Forwarding / Pivoting · Server-Side Request Forgery · Remote Code Execution (RCE) | 3 |
| Jail | Buffer Overflow (BoF / ROP) | 3 |
| Nightmare | OS Command Injection · SQL Injection · Port Forwarding / Pivoting · Remote Code Execution (RCE) · Cross-Site Scripting (XSS) | 2 |
| Reddish | Port Forwarding / Pivoting | 3 |
| Sink | HTTP Request Smuggling · Information Leakage | 3 |
| Stacked | Subdomain Enumeration · Remote Code Execution (RCE) · Cross-Site Scripting (XSS) | 3 |
| Toby | Cracking Hashes (hashcat / John) · Port Forwarding / Pivoting | 3 |