TryHackMe: Athena
This box is rated medium difficulty on THM. It involves us exploiting command substitution to grab a reverse shell through a custom pinging tool, as well as privilege escalation through cronjobs an...
This box is rated hard difficulty on THM. It involves us exploiting a second-order SQL injection vulnerability to dump user credentials, finding SSTI in a similar application to get a reverse shell...
This box is rated hard difficulty on THM. It involves us port knocking to access a Werkzeug web server, exploiting XSS to steal an admin session, grabbing a reverse shell via LFI, escaping a docker...
This box is rated medium difficulty on THM. It involves us enumerating a developer subdomain to find a temporary password used at an administrator panel. Then we grab a reverse shell with an authen...
This box is rated hard difficulty on THM. It involves us exploiting a race condition to add gold to our account, allowing us to buy premium functions on the website. Using those to grab a reverse ...
This box is rated medium difficulty on THM. It involves us exploiting SQL injection to grab low level user credentials, brute forcing another user’s login, and abusing environment variables alongsi...
This box is rated medium difficulty on THM. It involves us using an XSS vulnerability to capture an admin token on a website which leads to dumping a database via SQL injection. A message enumera...
This box is rated medium difficulty on HTB. It involves us getting access to a developer subdomain via an exposed Git repository on the main site. Then, we gain RCE with the PHAR stream wrapper to ...
This box is ranked easy difficulty on HTB. It involves us exploiting an SSRF vulnerability to forward a web server running internally on port 80. Then, we use a known way to inject OS commands on t...
This box is rated hard difficulty on THM and directly translates to “Time flies harder”. It involves us finding a command injection vulnerability in a file upload function that lets us get a reve...