HackTheBox - Secret

Secret starts with analyzing web source to recover a secret token from older commit. The secret is …

HackTheBox - Dynstr

Dynstr imitates a company that offers a Dynamic DNS service. The provided API for this service is …

H@cktivitycon 2021 - Web

Another late CTF writeups for H@cktivitycon 2021 web category.

H@cktivitycon 2021 - Misc

This is my late CTF writeups for H@cktivitycon 2021 miscellaneous category.

HackTheBox - Traverxec

Code execution with path traversal

HackTheBox - Atom

Supplying a malicious update definition to Electron-updater

HackTheBox - Spectra

Getting password from automatic login script of ChromeOS

VulnHub - DC-6

DC-6 starts off by enumerating usernames from a WordPress website and use a brute-force attack …

HackTheBox - Ready

Turns SSRF to remote code execution and escape from a Docker container

HackTheBox - Doctor

Seven times seven is equal to SSTI