Shibboleth is a relatively easy medium Linux box. It’s running an instance of Zabbix which you can identify by bruteforcing for hidden subdomains. Once discovered, you need to exploit an ASF-RMCP/I...
Error-based SQL Injection - DVWA
This is an exercise in OWASP DVWA for exploiting SQL injection. Error-based SQL Injection - DVWA Difficulty: Easy In this mode, we are presented with a form to enter a user ID, which is used...
File Upload - DVWA
This is an exercise in OWASP DVWA for exploiting file upload vulnerabilities. File Upload - DVWA Difficulty: Easy In this mode, we are presented with a file upload form. As expected, ther...
File Inclusion - DVWA
This is an exercise in OWASP DVWA for local and remote file inclusion. File Inclusion - DVWA Difficulty: Low In this mode, we are presented with 3 URLs, each of which accepts a filename as a ...
CSRF + Stored XSS - DVWA
This is an exercise in OWASP DVWA where I chained Stored XSS with CSRF. CSRF and Stored XSS - DVWA For this challenge, we will be chaining the CSRF vulnerability with the stored XSS vulnerability ...
Command Injection - DVWA
This is an exercise in OWASP DVWA for command injection. Command Injection - DVWA Difficulty: Easy This mode gave us an input field for an IP address. Following submission, and a short delay...
Bruteforce - DVWA
This is an exercise in OWASP DVWA on login bruteforcing. Bruteforce - DVWA Difficulty: Easy In this mode, we were presented with a login form. The form is submitted in a GET request with ...
Blind SQL Injection - DVWA
This is an exercise in OWASP DVWA for exploiting blind SQL injection. Blind SQL Injection - DVWA Difficulty: Easy In this mode, we are given a simple form that checks if a user exists with t...
Secret - HackTheBox
Secret is an easy Linux box where you have to exploit a sensitive information leak in a git repo to recover a JWT secret, which allows you to forge a JWT token that gives you access to an API endpo...
Devzat - HackTheBox
Devzat is a pretty easy medium Linux box. It starts with a website that informs you about a chat service on the host accessible on port 8000. Some enumeration will yield a hidden subdomain that’s vu...