HackTheBox - Machines Soccer image

HackTheBox - Machines Soccer

Date: 15/08/2023

login using default credentials: admin: admin@123 from https://github.com/prasathmani/tinyfilemanager upload simple php reverse shell and get shell as www-data...

Reading Time: 1 minutes

protected

HackTheBox - Challenges EasterBunny image

HackTheBox - Challenges EasterBunny

Date: 07/08/2023

This post is password protected, description is not available

Reading Time: 2 minutes

protected

HackTheBox - Challenges No-Threshold image

HackTheBox - Challenges No-Threshold

Date: 09/12/2023

This post is password protected, description is not available

Reading Time: 1 minutes

HackTheBox - Challenges Breaking Grad image

HackTheBox - Challenges Breaking Grad

Date: 01/11/2023

A file that particularly stands out is...

Reading Time: 2 minutes

HackTheBox - Challenges WS-Todo image

HackTheBox - Challenges WS-Todo

Date: 30/11/2023

The functionality is very simple, you can either get or add todos...

Reading Time: 3 minutes

protected

HackTheBox - Challenges ApacheBlaze image

HackTheBox - Challenges ApacheBlaze

Date: 01/11/2023

This post is password protected, description is not available

Reading Time: 2 minutes

protected

HackTheBox - Challenges Prying Eyes image

HackTheBox - Challenges Prying Eyes

Date: 10/12/2023

This post is password protected, description is not available

Reading Time: 2 minutes

HackTheBox - Challenges Saturn image

HackTheBox - Challenges Saturn

Date: 03/11/2023

I very simple flask app is all this challenge is. We can immidieitly spot a kind of SSRF as a service vulnerability. And the flag is retrieved by /secret if the request is coming from localhost. Ok then what prevents us from using the ssrf to request /secret, get the flag and get done with it?...

Reading Time: 4 minutes

CCSC 2022 image

CCSC 2022

Date: 17/05/2022

year I could't make it in to the top 10. This year though I wanted to change that! Read until the end to see what happened....

Reading Time: 9 minutes

Wizer CTF 2024 All Challenges image

Wizer CTF 2024 All Challenges

Date: 08/02/2024

Last week I was able to participate at a wonderful CTF organized over at Wizer. This CTF consisted of 6 web challenges in varying difficulty where participants were challenged to a Blitz speed-hacking competition of who can solve the most in 6 hours very generous prizes for the top 3....

Reading Time: 22 minutes

CCSC 2023 Forgotten Classes image

CCSC 2023 Forgotten Classes

Date: 16/07/2023

This is an old API for a classroom application that is no longer used due to the AI takeover. Inside information states the API is still available and is connected to the AIs internal infrastructure. Can you can hack it and read any hidden secrets on the root / path of the server?...

Reading Time: 5 minutes

CCSC 2023 Secret Prompt image

CCSC 2023 Secret Prompt

Date: 21/07/2023

We believe the machines came up with their own mechanism to keep humans out. Deceive the machines. Make them believe you are one of them and retrieve...

Reading Time: 4 minutes