Dec 11, 2025 · 5 min read · Introduction The Merry XSSmas room demonstrates how improper input handling can lead to dangerous client-side vulnerabilities. This challenge focuses on two common web vulnerabilities: Reflected XSS
Dec 5, 2025 · 5 min read · Introduction The W1seGuy room demonstrates a classic cryptographic mistake: using XOR encryption with a short repeating key. This challenge highlights how predictable plaintext combined with weak XOR
Nov 21, 2025 · 4 min read · Initial Reconnaissance sudo nmap -sS -sV -T4 TARGET_IP -vvv Key Findings: HTTP service running FTP service running SSH service available Directory Discovery The main HTTP page showed Nicolas Cage content with limited information The directory b...
Nov 21, 2025 · 2 min read · Initial Enumeration Nmap Scan Scanning for open ports and services: nmap -sS -sV -sC TARGET_IP Results: Port 80: HTTP Port 5000: HTTP (admin panel) Vulnerability Discovery Gobuster Enumeration Running directory brute force to discover hidden en...
Nov 21, 2025 · 5 min read · Description Fred Flintstone & Barney Rubble! Barney is setting up the ABC web server and trying to use TLS certificates to secure connections, but he's having trouble. Here's what we know: nginx on port 80, redirecting to a custom TLS webserver on p...
Nov 21, 2025 · 5 min read · Initial Enumeration Nmap Port Scan Starting with a full port scan to identify all open services: sudo nmap -sS -T4 -p- TARGET_IP Service Version Detection Once ports are identified, scanning for service versions and running default scripts: sudo nma...