Learning to look for exploits on manual enumeration and really interesting privilege escalation based on badly configured permissions and cronjobs!

Really cool box that chains together two different exploits for the Magento CMS followed by a really simple yet amusing way of privilege escalation with vi!

Interesting machine focused on enumeration, it also shows how to get JWT tokens. Credentials are the key!

In this blogpost I’ll be explaining how to find the inverse of a modular matrix as I solve one of the crypto challenges from HarekazeCTF 2019. Definitely for those who like math!

Is it a blind SQL? Although my python script output looks like it, it is not. Interesting write-up of a padding attack on AES 128, crypto can be fun!

Really good machine to learn about DNS, also includes LFI and python library poisoning! One of my best ones so far!

File upload that leads to user and then kernel exploit. Too easy right?

It was indeed a chaos: from wordpress and pdf exploitation with latex to connection with email servers and shell escape. Want to know more?

Easy machine, but did you know that Curl had a configuration flag?

Blind SQL injection in the user-agent field? Nobody expected that…