| Principal | Hack The Box | Medium | - JWT bypass
- Cred leak
- SSH reuse
- CA privesc
| principal | Principal.png |
| Browsed | Hack The Box | Medium | - SSRF
- RCE
- Sudo abuse
- Python import hijacking
| browsed | Browsed.png |
| Jack-of-All-Trades | Try Hack Me | Easy | - Port misconfiguration
- Encoding / decoding chain
- Stego
- RCE
- Brute force
- SUID abuse
| jack-of-all-trades | Jack-of-All-Trades.jpeg |
| Jax sucks alot............. | Try Hack Me | Easy | - Insecure deserialization
- Sudo misconfiguration
| jax-sucks-alot | Jax sucks alot..............png |
| Crylo | Try Hack Me | Medium | - SQLi
- Bypass 2F
- Decrypt
sudoers
| crylo | Crylo.png |
| Break Out The Cage | Try Hack Me | Easy | - Anonymous FTP
- Spectrogram → Vigenere key
- base64 + Vigenere → SSH creds
- Writable .quotes + cron injection → cage shell
- Email → Vigenere → root password
| break-out-the-cage | Break Out The Cage.jpeg |
| Hijack | Try Hack Me | Easy | - NFS misconfiguration
- UID impersonation
- FTP credential exposure
- Password list brute force
- Cookie forgery (Base64 + MD5)
- Hardcoded DB credentials
LD_LIBRARY_PATH hijacking- Shared library injection
| hijack | Hijack.png |
| All in One | Try Hack Me | Easy | - WordPress plugin LFI
- WordPress theme editor
- Plaintext password in world-readable file
- sudoers
| all-in-one | All in One.png |
| Anonforce | Try Hack Me | Easy | - Anonymous FTP access
- Exposed filesystem via FTP
- PGP private key leak
- Weak PGP passphrase
- Shadow file backup exposure
- Root hash cracking
| anonforce | Anonforce.jpeg |
