Recent Posts

MaxButtons <= 6.18 Reflected XSS

less than 1 minute read

Due to a lack of CSRF mitigation and entity encoding in includes/admin_header.php, it is possible to execute scripts in the context of an admin user by inclu...

How I Hacked Bobby

11 minute read

The Bobby CTF is based on a Windows XP Pro SP3 VM with the objective of retrieving the flag found somewhere within the administrator’s personal folder.

How I Hacked Billu B0x

13 minute read

Host & Service Discovery: To start my analysis of this CTF, I booted into Kali and started Metasploit [msfconsole] and ran an Nmap SYN scan to locate the ...

How I Hacked Mr. Robot (CTF Walkthrough)

9 minute read

After hearing that someone had created a Mr. Robot themed CTF, I needed to see this. As the author describes, there isn’t anything overly difficult with this...