Jan 3 · 3 min read · DNS Enumeration Outside the AttackBox This room was GoBuster: The Basics, specifically the DNS enumeration task for offensivetools.thm. On paper, it’s simple: enumerate subdomains using GoBuster and a wordlist. In practice, running it outside the Try...
Join discussion
Sep 1, 2025 · 9 min read · ¿Alguna vez te has preguntado qué se esconde detrás de una página web? 🤔 En el apasionante mundo de la ciberseguridad, una de las primeras habilidades que todo hacker ético debe dominar es el fuzzing. Imagina que eres un explorador buscando tesoros ...
Join discussion
Jul 25, 2025 · 3 min read · TopTierConversions LTD released MD2PDF, a tool designed to convert Markdown documents into PDF quickly and securely—or so they claimed. As part of this challenge, we were tasked with testing the service for weaknesses. At first glance, it seemed simp...
Join discussion
Jul 18, 2025 · 3 min read · In this challenge, we explore a vulnerable cloud authentication service called Authentication Anywhere — a fictional login platform promising secure access from anywhere. But is it truly secure? 🤔 With the mention of IDOR (Insecure Direct Object Ref...
Join discussionJul 15, 2025 · 3 min read · Welcome to ToysRus, a beginner-friendly CTF room designed to introduce essential enumeration and exploitation tools commonly used in penetration testing. In this challenge, we leverage tools like Nmap, Gobuster, Hydra, Nikto, and Metasploit to uncove...
Join discussion
Jul 15, 2025 · 6 min read · Welcome to Lian_YU, a beginner-friendly CTF box with an Arrowverse theme. While the storyline and references might feel familiar to fans of the Arrow series, prior knowledge isn't required to complete the challenge. The goal is simple: enumerate thor...
Join discussion
Jul 14, 2025 · 3 min read · Welcome to the "Year of the Rabbit" — a lighthearted CTF-style box that offers a balanced mix of enumeration, basic exploitation, steganography, and privilege escalation to warm up your hacking skills for the new year. In this walkthrough, we’ll use ...
Join discussion
Jul 12, 2025 · 4 min read · In this box, we walk through a hands-on experience of a basic CTF-style Linux machine, where we explore critical concepts useful for real-world penetration testing and OSCP prep. The focus is on: 🔍 Reconnaissance using tools like nmap and gobuster ...
Join discussion
Jul 11, 2025 · 3 min read · In this task, we explore the fundamentals of enumeration, exploitation, and privilege escalation on a vulnerable machine. By leveraging tools like Nmap, Gobuster, cURL, John the Ripper, and Steghide, we methodically uncover hidden directories, decode...
Join discussion
