Challenge Description Think small, and simple. No fancy ROP chains or shellcode necessary, a single byte should be sufficient. Challenge Info     Chall...

Challenge Description Years ago there was this neat little bug discovered in OpenSSL, which became known as “Heartbleed”. The world’s first bug with a name. Heck, it even had a logo! I have attemp...

Challenge Description This one should be quite straight forward. Can you trick this program into popping a shell without even bothering to overwrite the return address? Why pick the lock when you ...

Summary Sau starts with a web application hosted on port 55555/TCP which appears to be a request-baskets application with version 1.2.1 which is vulnerable to SSRF CVE-2023-27163. Using the SSRF t...

Challenge Description We are inside D12! We bypassed the scanning system, and now we are right in front of the Admin Panel. The problem is that there are some safety mechanisms enabled so that not...

Summary CyberMonday starts with a website that is hosted using Nginx and created using Laravel as a PHP framework. The Nginx configuration was suffering from nginxoffbyslash, which occurs when an ...

Summary Pilgrimage starts with a website that hosted using Nginx which aimed to help users to SHRINK their images size. Enumerating helps to found /.git dir which contains the website’s source php...

Summary Broker starts with a website that hosting a version of Apache ActiveMQ. Enumerating the version of Apache ActiveMQ shows that it is vulnerable to Unauthenticated RCE, which is leveraged to...

Summary Topology starts with a website for a Math department which contains multi virtual hosts. LaTeX Vhost used to convert math functions into an images. By performing Latex injection to gain ar...