Writeups by 0xR4IF

TryHackMe - Injectics

Medium

A web-focused box exploiting SQLi, SSTI, and RCE techniques through smart injection chaining and filter bypassing.

SQL-injection Filter Bypass RCE

TryHackMe - Include

Medium

A PHP box focusing on insecure object merging, SSRF, LFI, and log poisoning for privilege escalation and code access.

Prototype Pollution LFI SSRF

TryHackMe - Whats Your Name?

Medium

A social media box focusing on blind XSS, session hijacking, and fetch-based CSRF for privilege escalation and admin access.

XSS CSRF Privilege Escalation

TryHackMe - Hammer

Medium

This box is focused on recovery-code brute-forcing and JWT exploitation through kid header manipulation and payload tampering, leading to admin privileges and RCE.

Brute Force JWT RCE

TryHackMe - El Bandito

Hard

The box is focused on SSRF > WebSocket tunneling via a crafted 101 response, and an HTTP/2 to HTTP/1.1 desync attack, leading to request hijacking.

WebSockets HTTP Request Smuggling HTTP/2 > HTTP/1.1