Hack The Box Challenges (Web)
Personal writeups from Hack The Box challenges with nice explanations, techniques and scripts
Web - Total: 67

CTF: JavaScript. Code injection
CTF: Cross-Site Scripting. Cookie hijacking
CTF: Open Redirect. JWKS and JWT forgery. OTP bypass
CTF: Server-Side Request Forgery. localhost bypass. HTTP Request URI
CTF: CRLF Injection. RegEx bypass. Server-Side Template Injection
CTF: SQL injection. Password hash cracking
CTF: PHP. Time-based SQL injection. WAF bypass
CTF: Go. Server-Side Template Injection. Local File Read
CTF: Cross-Site Request Forgery. Remote Code Execution
CTF: Insecure deserialization with pickle
CTF: PHP. Code injection. Remote Code Execution
CTF: Server-Side Request Forgery. IP address bypass
CTF: MongoDB. NoSQL injection
CTF: Boolean-based SQL injection. Transfer-Encoding chunked
CTF: Server-Side Request Forgery. TOCTOU
CTF: HTTP Parameter Pollution
CTF: HAProxy. HTTP request smuggling via WebSocket. Server-Side Request Forgery. MongoDB Wire Protocol. Gopher Protocol. Cypher injection (neo4j). Command injection. RCE
CTF: Go. gRPC. Client-side verification. Directory traversal. Arbitrary File Write. Server-Side Rendering
CTF: Boolean-based SQLi in ORDER. Automate flag extraction
CTF: XPATH injection. Automate flag extraction
CTF: MongoDB. NoSQL injection. Automate flag extraction
CTF: Java. CVE. SnakeYAML insecure deserialization
CTF: CouchDB. NoSQL injection. Authentication bypass
CTF: PHP deserialization. Local File Inclusion. Log Poisoning
CTF: Parameter injection. Local File Read
CTF: Flask. Server-Side Template Injection. RCE
CTF: Cross-Site Search. Bypass Same-Origin Policy for exfiltration
CTF: Server-Side Request Forgery. Regular Expression Denial of Service
CTF: Insecure Deserialization in pickle. SSRF in Redis
CTF: Malicious file upload. SSTI to XSS. CSP bypass
CTF: JWT. Server-Side Template Injection
CTF: SQL injection. Directory Traversal. Local File Read
CTF: Cross-Site Scripting. Insecure Direct Object Reference
CTF: JavaScript. Prototype Pollution
CTF: Insecure deserialization with pickle
CTF: GraphQL batching attack. OTP and rate limit bypass. JWT. CSP. DOM Clobbering. XSS
CTF: Directory Traversal. Local File Read. JWT. Broken Access Control. SSRF. Command Injection. RCE
CTF: XML External Entity injection
CTF: Stack-based SQL injection
CTF: Server-Side Template Injection
CTF: nginx. Directory listing
CTF: PHP. Remote Code Execution. PHPMailer (CVE)
CTF: Code injection. Read remote file
CTF: Authentication bypass. JavaScript code injection
CTF: SQLi in SQLite to RCE in PHP
CTF: SSRF. Path Traversal. Gopher protocol. Redis RCE
CTF: SVG file read through image. Forge session cookie
CTF: Python. Third-party dependencies. Code Injection. RCE
CTF: Node.js. Third-party dependencies. Code Injection. RCE
CTF: SSTI with limited characters
CTF: SQL injection. Authentication bypass
CTF: Session cookies. Authentication bypass
CTF: Command injection. Remote Code Execution
CTF: Prototype Pollution. AST Injection
CTF: TAR Directory Path Traversal. Server-Side Template Injection