HQHồ Quang Anhinanhbii.hashnode.dev·Jul 4 · 6 min readTryHackMe — Rabbit Store (Medium) Walkthrough: Mass Assignment → SSRF → SSTI → RabbitMQ → RootRoom: Rabbit Store · Difficulty: Medium · Category: Web / Red Team TL;DR: A subscription mass-assignment bug unlocks an SSRF endpoint, which exposes an internal API doc revealing a Jinja2 SSTI endpoin00
HQHồ Quang Anhinanhbii.hashnode.dev·Jul 4 · 5 min readUltraTech (TryHackMe) — Command Injection to Root via the Docker GroupRoom: UltraTech · Độ khó: Medium · Hướng: Red / Web + Privesc Tóm tắt: REST API Node.js ở cổng 8081 có endpoint /ping dính OS command injection. Filter chặn ; | & $ \ ( ) < > và cả dấu cách, nhưng để 00
HQHồ Quang Anhinanhbii.hashnode.dev·Jul 3 · 5 min readdogcat (TryHackMe) — Walkthrough: PHP LFI → RCE → sudo env → Docker escapePlatform: TryHackMe · Difficulty: Medium · Category: Web (PHP LFI) → RCE → sudo → Docker escape Stack: Apache 2.4.38 / PHP 7.4.3 (Debian, trong Docker container); 4 flag Tóm tắt Web app cho xem ảnh c00
HQHồ Quang Anhinanhbii.hashnode.dev·Jul 3 · 4 min readMr Robot CTF (TryHackMe) — Walkthrough: WordPress RCE → SUID nmap privescPlatform: TryHackMe · Difficulty: Medium · Category: Web (WordPress) → Linux privesc Stack: Apache + WordPress (theme twentyfifteen), SSH; boot2root với 3 "key" (chuỗi 32 hex) Tóm tắt Máy chạy WordPr00
HQHồ Quang Anhinanhbii.hashnode.dev·Jul 3 · 4 min readWonderland — TryHackMe Web Challenge WalkthroughWonderland — TryHackMe Web Challenge Walkthrough Platform: TryHackMe · Difficulty: Medium · Category: Web foothold → Linux privesc (boot2root) Stack: Apache (port 80) + SSH; chuỗi leo quyền alice → ra00