Box Info: Sea was an easy simple box featuring WonderCMS which is vulnerable to XSS and can be leveraged to RCE via uploading a malicious module. Enumerating system further, A database file can be ...

Box Info: Editorial was an easy box which featured a book publishing website vulnerable to SSRF. it can be used to gain access to internal API, Access to local API can reveal SSH cerds to the machi...

Box Info: Codfiy was an easy linux box featuring a web application where user can test Node.js code. Web application uses a vulnerable library vm2 which can be exploited to get a shell. Enumerating...

Privilege escalation with pacman. Pacman is Arch Linux’s package manager for installing, updating, and managing software with .pkg.tar.zst files via a simple command-line interface, If the us...

Box Info: Boardlight was an easy Linux box running a Dolibarr instance vulnerable to CVE-2023-30253. After gaining a foothold as www-data, the configuration files revealed plaintext credentials, le...

Box Info: Headless is an Easy Linux box features a simple web application which is vulnerable to Blind-XSS, With a simple payload XSS in Request header can get admin cookie, which then can be used ...

Using Parrot OS is fun on Hyper-V which is really fast compare to other hypervisors, but we can’t have an Enhanced Session in HyperV with Parrot OS Which leads to us not being able to copy paste so...

Box Info: This was one of the Insane boxes that took 7Ds for the first blood and box got very bad reviews, 11 Days after there was a hint added. Well Box is still very good to learn thing that are ...

Hello there, it’s TheCyberSimon! I have spent a good amount of time being with CTF Players and communities of these awesome Cybersecurity training platforms such as HackTheBox and TryHackMe. I us...