Posts by Year

2023

JustCTF Extra Safe Security Layers writeup

6 minute read

This challenge is about exploiting cross-site scripting with a strict CSP in place, along with an XSS sanitizer and other restrictions; the interesting part in t...


2022

Open Source HackTheBox Writeup

4 minute read

In this box we are facing interesting stuff like Docker, git hooks and other stuff. First we got access to a docker in the machine by overwriting the appli...

meme generator challenge writeup

1 minute read

This challenge was in Blackhat CTF Qualifications 2022, and we participated under the team 0xCha0s; we managed to solve multiple challenges. This ch...

Timelapse Hackthebox writeup

4 minute read

In this box we are up against a Windows machine that has the Active Directory service installed on it; we can list files on SMB shares and access some shared folder...

Flushed Emoji challenge Writeup

4 minute read

Lexington Informatics Tournament CTF 2022 was held from the 22nd of July until the 25th of the month, and we participated under the team 0xcha0s, w...

Routerspace Hackthebox writeup

2 minute read

In this box we are going to examine an Android application (APK), and by placing a proxy to monitor the requests we will notice a request which we can mani...

napping 1.0.1 vulnhub writeup

5 minute read

In this VulnHub box, we are facing a relatively interesting vulnerability, tab-nabbing, that will help us phish the admin to get his credentials wh...

Pandora Hackthebox writeup

3 minute read

In this box we are going to enumerate the SNMP port, which will show user daniel with his password as a string in the output; we are going to log in with SSH ...

Kryptos Support challenge Writeup

2 minute read

HTB Cyber Apocalypse CTF 2022 was held from the 14th of May until the 19th of the month, and we participated under the team 0xcha0s; we have managed to...

Unicode Hackthebox writeup

5 minute read

In this medium box we are playing with JWT tokens, specifically jku claim misuse, which will let us log in as the admin account; then we will use the Unicode En...

Hacker Ts challenge writeup

1 minute read

Nahamcon CTF 2022 was held from the 28th of April until the 30th of the month, and we participated under the team 0xcha0s. This challenge idea was pret...

Windows-PrivEsc-Arena TryHackMe writeup

8 minute read

While studying the TCM Windows privilege escalation course, this is the lab designed to cover the topics mentioned in the course. It has been a while since i...

Backdoor Hackthebox writeup

3 minute read

In this easy Linux box we are facing a WordPress plugin vulnerable to directory traversal, letting us read some files on the system, brute forcing the /pr...

SQL Tutor challenge writeup

3 minute read

DCTF 2022 was held from the 15th of April until the 17th of the month, and we participated under the team 0xcha0s; we have managed to solve multiple ch...

Shibboleth Hackthebox writeup

3 minute read

In this box we are going to enumerate a UDP port and dump the administrator hash, then we will crack it; using these credentials we will log in to the Zabbix...

Secret Hackthebox writeup

4 minute read

In this box we are going to follow documentation instructions to create a new user, then face a sensitive data exposure that will let us see a deleted commit; this ...

Devzat Hackthebox writeup

5 minute read

In this Hackthebox box we will get user access through a command injection in a vhost, then set up port forwarding to find a service that will give us the ...

Driver Hackthebox writeup

4 minute read

In this box, we are going to abuse the ability to upload the firmware of a shared printer and capture the NTLMv2 hash of a user on this machine. By cracki...

Bolt Hackthebox writeup

6 minute read

In this Hackthebox box we will analyze Docker image files, and from there find some juicy stuff that will help us log in to a vhost “demo” which has some functi...

Horizontall Hackthebox writeup

3 minute read

We got low-privilege access due to a vulnerable version of Strapi CMS, then got root access because of a vulnerable version of Laravel. Main techniques used a...

Alfred

2 minute read

In this room, we’ll learn how to exploit a common misconfiguration on a widely used automation server (Jenkins - This tool is used to create continuous integr...
