This is a write-up for my web challenge that I wrote for PwnSec CTF 2024 PwnSec Shop Files: pwnsec-shop.zip After reviewing the source code of the shop, we find out that it implements ...

Bing2 Files: Bing2 Simple command injection filter bypass, the code will remove all the following characters/words $substitutions = array( ' ' => '', '&' => '', '&&' => '...

Python Twister Challange description: Hack our admin. Files: twister.zip The app creates a list of 10,000 32-bit random numbers to use as password reset tokens for users. If you’re the first p...

HackThaBox Clicker machine write up. Medium diffuculty box focusing on NFS shares and CRLF. Enumeration nmap -Pn -T4 -sVC 10.10.11.232 After the Nmap report, I found that there was an NFS &am...

Devvortex Difficulty: easy 4th DEC 2023 IP: 10.10.11.242 Enumeration nmap -Pn -T4 -sVC 10.10.11.242 Foothold When accessing the IP directly thru the browser, it showed that we should reso...

Tufan Al-Aqsa IP: 10.0.0.133 Enumeration We start by scanning the machine with nmap. Discover all open ports: Check what is exactly running on these ports: Foothold There is python web ...

Hacker’s Dungeon IP: 10.0.0.133 Enumeration We start by scanning the machine with nmap. Discover all open ports: Check what is exactly running on these ports: Foothold Port 111 and 2049 Che...

Find The Panda Enumeration We start by scanning the machine with nmap. Discover all open ports: Check what is exactly running on these ports: Foothold Port 1337 Port 1337 is running vsftpd 2...