![Preview Image](https://cdn.sarperavci.com/8sFD993O/q8GA5Q.jpg)
Include Write-up - TryHackMe
Default credentials, Vertical Escalation to Admin on the Web App, Reaching Internal API via SSRF, Fuzzing LFI Payloads and SSH Brute Force.
Account takeover via XSS and hidden file discovery.
This challenge is a cryptography challenge from CTFlearn. It’s a hard-level challenge based on a Linear-feedback Shift Register (LFSR). Challenge Description Hello! I have just implemented a super-...
CyberLens is an easy level boot2root machine available on TryHackMe. This box is a Windows machine with a vulnerable web application. The goal is to exploit the web application to get a reverse she...
AudioEdit is a hard web challenge on CTFlearn. This challenge is about exploiting a SQL injection vulnerability in the metadata of an audio file. Solution When we visit the website, we see a simple...
BoilerCTF is an annoying boot2root challenge on TryHackMe. It has a lot of rabbit holes! It would definitely be an easy-to-medium level challenge if the creator hadn’t put in those rabbit holes. Enumeration As alway...
StuxCTF is a medium-level boot2root challenge on TryHackMe. This room consists of Diffie-Hellman key exchange, a PHP deserialization attack and privilege escalation. Enumeration As always, we start...
UltraTech is a semi-guided room that covers the basics of penetration testing: Enumeration, Privilege Escalation and WebApp testing. Enumeration Port Scanning As usual, we start with po...
This is actually pretty simple. We are given a string that has been base64-encoded multiple times. We need to decode it to get the flag. The challenge file is here and to reach the challenge page click here. S...
RSA Noob is a cryptography challenge from CTFlearn. It is actually pretty simple. We are given a public key and a ciphertext. We need to decrypt the ciphertext to get the flag. Challenge Here’s ...