I started the Rabbit Store challenge by taking advantage of a mass assignment vulnerability to create an already activated account. This gave us access to an API endpoint that was vulnerable to Server-Side Request Forgery (SSRF). Using the SSRF, we found the API documentation, which led us to another endpoint with a Server Side Template Injection (SSTI) vulnerability. I exploited that to get Remote Code Execution (RCE) and opened a shell on the server.

a medium-rated TryHackMe room that focuses on exploiting vulnerabilities in a WordPress site and performing privilege escalation to obtain the flag.

The Billing room on TryHackMe teaches you how to exploit a vulnerable billing system using basic web hacking techniques.

The Billing room on TryHackMe teaches you how to exploit a vulnerable billing system using basic web hacking techniques.

all tools in kali tools in thier catagory

Implementing your own military-grade encryption is usually not the best idea.

how insecure FTP configurations, overly permissive NFS exports, and poorly coded set-UID scripts can be chained together to achieve full system compromise.

Pyrat room is a beginner-friendly Capture The Flag (CTF) challenge focused on exploiting a vulnerable Python-based web application. The machine hosts a Python interpreter over a raw TCP connection, allowing arbitrary code execution. The challenge involves gaining a reverse shell, enumerating hidden credentials in a Git repository, escalating privileges from a web user to the main user, and finally gaining root access by analyzing an insecure custom RAT (Remote Access Tool). This room teaches skills in enumeration, reverse shell creation, Git credential leaks, and basic privilege escalation.

This room teaches how to bypass PHP disabled functions, commonly used in Web CTFs and real-world restricted environments.

Hack this machine and get the flag. There are lots of hints along the way and is perfect for beginners!