Decryptify started with deobfuscating a JavaScript file to reveal a hardcoded password, which we used to access a code snippet responsible for generating invite codes. After that, by fuzzing the we...

You Got Mail started with basic enumeration to discover a list of email addresses and create a custom wordlist to find the password for one of them. We then used this account to send phishing email...

TryPwnMe Two was a continuation of the TryPwnMe One room, featuring four additional binary exploitation (pwn) challenges. These challenges included shellcode encoding, format string attacks, heap e...

Smol started by enumerating a WordPress instance to discover a plugin with a file disclosure vulnerability. This vulnerability allowed us to identify a backdoor in another plugin, which we then exp...

Light was a simple room where we exploited an SQL injection in a SQLite database to retrieve the credentials for the admin user and a flag. Discovering the SQL Injection As per the room instruc...

Lo-Fi was a very simple room where we exploited a Local File Inclusion (LFI) vulnerability to read the flag. Although it was not necessary to complete the room, I will also demonstrate how we could...

Silver Platter was a simple room where we discovered a Silverpeas installation along with a username. We brute-forced the user’s password using a custom wordlist to gain access to Silverpeas, and b...

Fifth Side Quest started with hacking a game on Advent of Cyber Day 19 using Frida and reverse-engineering a library it uses to discover the keycard with the password, which we then used to disable...

Fourth Side Quest started with discovering an SQL injection vulnerability in a web application on Advent of Cyber Day 17, which we exploited to dump the database. From the database, we discovered a...

Third Side Quest started with exploiting an IDOR vulnerability on the web application associated with Advent of Cyber Day 12 to access the details of a transaction that did not belong to us, findin...