RFI Challenge — TryHackMe
Remote File Inclusion exploitation.
Writeups & Labs
Canonical lab writeups & walkthroughs.
Web Exploitation
Stored XSS Cookie Exfiltration
Stored XSS to extract session cookies.
Bolt CMS — RCE
Bolt CMS exploitation leading to RCE.
Pickle Rick
Web enum → creds → sudo escalation.
Enumeration & Authentication
Username / Password Enumeration
Hydra + Burp authentication enumeration.
Burp Intruder Ticket Enumeration
ID brute via Sniper + 200 OK logic.
HA Joker CTF
Enum + bruteforce + cracking chain.
Privilege Escalation
Simple CTF
CMS exploit → crack → root.
Pyrat
Reverse shell → git creds → SSH → root.
Mr Robot
WordPress → shell → SUID Nmap.
Full CTF Walkthroughs
Basic Pentesting
Full engagement chain.