This machine will challenge our pwning skills on a binary hosted by the machine. After spawning a shell, there are some files in the user home directory which are related to KeePass. We can crack t...

In this HTB challenge, we are given some ciphertexts and the source code used to generate them. It is usign ChaCha20, which is a stream cipher algorithm. The vulnerability of this script comes when...

In this HTB challenge, we are given the source code of a encrypting algorithm that is using RSA. We are also given a remote instance serving this script, so that we can retrieve the flag. The vulne...

In this machine, we will be presented with a Werkzeug webpage, whose debugging is enabled and doesn’t requiere a PIN code, so we can execute arbitray python code as the user hal. We find that this ...

This machine is an easy HTB machine, which shows a registration form to join the UHC qualifiers. It has a SQL injection vulnerability, which will allow us to upload a custom file with some PHP code...

To solve this TryHackMe machine, we will to enumerate the SMB service to get valid usernames. After that, we will bruteforce some creds and use then to achieve RCE in a search functionality. We’ll ...

To solve this TryHackMe machine, we will have to look at some CSS code, as inside a file there will be some useful comments. Using BurpSuite and intercepting some requests, we will discover a new d...