I'm linking the playlists for both labs here to avoid single posts for every video. Check out https://vulnlab.com if you want to try them out!
Baby is an easy machine on Vulnlab that involves enumerating LDAP & spraying credentials. For SYSTEM we exploit SeBackup & SeRestore Privileges.
Rainbow is a medium difficulty machine that involves a SEH-based buffer overflow for user and a UAC bypass for root.
This is a short walkthrough on Lustrous, a chain consisting of 2 machines on vulnlab.
On December 10th 2021 the Log4Shell vulnerability, a "0-day" exploit in log4j2 appeared on Twitter. In this post, we will explore how to exploit it with LDAP in a lab environment.