Posts tagged #web

28 posts

writeup

2025 Cyber Apocalypse: Arcane Auctions

Identify and exploit secure coding vulnerabilities in a web application

#htb #ctf #secure-coding
writeup

2025 Cyber Apocalypse: Web Cyber Attack

Exploit path traversal vulnerability in a PHP web application to extract the flag

#htb #ctf #web
writeup

2024 Hack The Boo: Cursed Stale Policy

Exploit stale cache policy vulnerabilities in a web application with Content Security Policy analysis

#htb #ctf #web
writeup

2024 Hack The Boo: Waywitch

Exploit JWT authentication bypass and token manipulation in a Node.js web application

#htb #ctf #web
writeup

2024 Cyber Apocalypse: Testimonial

Exploit gRPC path traversal to overwrite application files

#htb #ctf #web
writeup

2024 Cyber Apocalypse: TimeKORP

Exploit command injection in time-based functionality

#htb #ctf #web
writeup

2024 Cyber Apocalypse: KorpTerminal

Exploit SQL injection to retrieve credentials and login

#htb #ctf #web
writeup

2024 Cyber Apocalypse: Labyrinth Linguist

Exploit Apache Velocity Server-Side Template Injection (SSTI)

#htb #ctf #web
writeup

2024 Cyber Apocalypse: LockTalk

Exploit JWT vulnerabilities in python-jwt version 3.3.3

#htb #ctf #web
writeup

2024 Cyber Apocalypse: SerialFlow

Exploit memcached injection and Python pickle deserialization for RCE

#htb #ctf #web
writeup

2024 Cyber Apocalypse: Web SerialFlow

Exploit serialization vulnerabilities to achieve RCE through pickle deserialization

#htb #ctf #web
writeup

HTB Hack The Boo Practice: Candyvault

NoSQL injection in login form to bypass authentication

#htb #ctf #web
writeup

HTB Hack The Boo Practice: Web Pumpkinspice

Command injection vulnerability in localhost-restricted endpoint

#htb #ctf #web
writeup

HTB Hack The Boo Practice: Web Spellbound Servants

Pickle deserialization exploitation for remote code execution

#htb #ctf #web
writeup

HTB Hack The Boo Practice: Web Spooktastic

XSS via filter bypass using noembed tag

#htb #ctf #web
writeup

HTB Hack The Boo Practice: Web Candyvault

NoSQL injection in authentication bypass with MongoDB

#htb #ctf #web
writeup

HTB Hack The Boo 2023: Web HauntMart

SSRF vulnerability leading to admin account creation

#htb #ctf #web
writeup

HTB: download Writeup

download is a Hard-difficulty Linux machine from HackTheBox. Partial writeup with reconnaissance findings documented.

#htb #writeup #linux
writeup

2023 Business CTF: Vanguard

Full exploitation of a web application with file upload vulnerability, command injection, and privilege escalation.

#htb #ctf #fullpwn
writeup

2023 Business CTF: Web Watersnake

Exploit a Java deserialization vulnerability in a water level monitoring application.

#htb #ctf #web
writeup

2023 Cyber Apocalypse: Orbital

Exploit SQL injection vulnerability and use path traversal to extract flag

#htb #ctf #web
writeup

2023 Cyber Apocalypse: Didactic Octo Paddle

Exploit IDOR and JWT vulnerabilities in shopping application

#htb #ctf #web
writeup

2023 Cyber Apocalypse: Passman

Exploit IDOR vulnerability in GraphQL API to access admin data

#htb #ctf #web
writeup

2022 Hack The Boo: Cursed Party

JWT authentication bypass through XSS to steal admin session and access flag

#htb #ctf #web
writeup

2022 Hack The Boo: Evaluation Deck

Code injection via unsafe use of Python compile() and exec() in arithmetic evaluation

#htb #ctf #web
writeup

2022 Hack The Boo: Horror Feeds

SQL injection in user registration leading to authentication bypass and flag theft

#htb #ctf #web
writeup

2022 Hack The Boo: Juggling Facts

IP spoofing via X-Forwarded-For header to bypass localhost-only admin access

#htb #ctf #web
writeup

2022 Hack The Boo: Spookifier

Server-Side Template Injection (SSTI) in Mako template engine leading to RCE

#htb #ctf #web