SOLUTION We download the zip file, unzip it and we have package.json. We know that the web is running on NodeJS server. So we can do some NodeJS RCE. require( 'child_process') ,execSync( 'cat /f...

SOLUTION When we access the website, we try some SQL Injection but nothing happend. We need to download the source code of the web, search for flag.txt file and we see this $username == "administra...

SOLUTION Go to the website, we can see that it requires us to input pin code. Inspect the web, we know the correct pin is 9001. But we don’t have 0 button. Go to the script, we can see the data ty...

SOLUTION Firstly, we try XSS to the search bar: <script>alert(1)</script> We can see that it responses. But XSS is used for manipulating the user experience, and there is no user here...

Writeup Let scan it first, we can see there are some open ports here. Access to the website, go to my basket link. Modify settings Do some research about Maltrail (v0.53), we have payload file....

Writeup After scaning, we know some ports are opened. Connect to SMB to see what we have here So we see there is a default password, what we need to do is find which user have not changed their...

Writeup Using nmap to scan and get what port is open and web server. After accessing to /manager/html, using hydra to brute force password Using msfvenom to create payload: msfvenom -p windows...

Writeup After scanning, we know how many ports are openned. After accessing IP, it redirects us to this domain. Resolve domain Go to /invite page, F12 to see inspect the code, change to tab N...

Writeup After scanning, we know how many ports are opened, hostname and operating system is running on. Using smbclient -L {ip} to list all SMB shares. Search CVE Windows 17 on Google, we can ...

CHALLENGE DESCRIPTION Embark on the “Dimensional Escape Quest” where you wake up in a mysterious forest maze that’s not quite of this world. Navigate singing squirrels, mischievous nymphs, and grum...