HackTheBox - Challenges WS-Todo image

HackTheBox - Challenges WS-Todo

Date: 30/11/2023

The functionality is very simple, you can either get or add todos...

challenges hacking hackthebox javascript ssrf web websockets xss

Reading Time: 3 minutes

HackTheBox - Challenges Saturn image

HackTheBox - Challenges Saturn

Date: 03/11/2023

I very simple flask app is all this challenge is. We can immidieitly spot a kind of SSRF as a service vulnerability. And the flag is retrieved by /secret if the request is coming from localhost. Ok then what prevents us from using the ssrf to request /secret, get the flag and get done with it?...

bypass challenges dns dns_rebinding hacking hackthebox ssrf web

Reading Time: 4 minutes

Wizer CTF 2024 All Challenges image

Wizer CTF 2024 All Challenges

Date: 08/02/2024

Last week I was able to participate at a wonderful CTF organized over at Wizer. This CTF consisted of 6 web challenges in varying difficulty where participants were challenged to a Blitz speed-hacking competition of who can solve the most in 6 hours very generous prizes for the top 3....

2024 bypass ctfs dns dns_rebinding hacking js2py jwt nginx path_traversal serviceworkers ssrf web wizer wizerctf

Reading Time: 23 minutes