HTB - MonitorsTwo
Overview MonitorsTwo is an Easy Difficulty Linux machine showcasing a variety of vulnerabilities and misconfigurations. Initial foothold: Initial enumeration exposes a web application prone to p...
CONTENT HIDDEN - ACTIVE MACHINE!
Overview PC is an Easy Difficulty Linux machine that features a gRPC endpoint that is vulnerable to SQL Injection. Initial foothold: After enumerating and dumping the database’s contents, plainte...
Overview Topology is an Easy Difficulty Linux machine that showcases a LaTeX web application susceptible to a Local File Inclusion (LFI) vulnerability. Initial foothold: Exploiting the LFI flaw a...
Description: Alright, enough of using my own encryption. Flask session cookies should be plenty secure! server.py http://mercury.picoctf.net:53700/. This challenge is a continuation ...
Overview Precious is an Easy Difficulty Linux machine that focuses on the Ruby language. Initial foothold: It hosts a custom Ruby web application, using an outdated library, namely pdfkit, which...
Description: Try to recover the flag stored on this website http://mercury.picoctf.net:2148/. The homepage looks like this: When visiting robots.txt we get the follow...
Serialization Serialization is the process of converting complex data structures, such as objects and their fields, into a flatter format that can be sent and received as a sequential stream of by...
[Insecure deserialization - Theory] Identification During auditing, you should look at all data passed into the website and try to identify anything that looks like serialized data. Once yo...
Description: - The homepage looks like this: This is a continuation of the Some Assembly Required 1 challenge, and it looks pretty similar. If we use the browser’s de...