Google XSS Game Explained

Cross-site scripting or XSS has been one of those vulnerabilities in security that I am aware of and can exploit with a lot of luck but never really understand the ins and outs. Being that I’m tired of guessing and checking to exploit these vulnerabilities we are going to start with the basics and try... Continue Reading →

OverTheWire Leviathan 0-7

Here are my notes/answers for leviathan. Was surprised at the ease of these challenges as I remember attempting them a couple of months ago and being absolutely clueless after level 1. Guess that's a nice sign of improvement! Level 0 User: leviathan0 Pass: leviathan0 ‘ls -a’ reveals a directory called ‘.backup’ which contains a file... Continue Reading →

OverTheWire Natas 20-24

Level 20 User: natas20 Pass: eofm3Wsshxc5bwtVnEuGIlr7ivb9KABF Back to having source code, let’s take a look and find the important stuff.    if($_SESSION and array_key_exists("admin", $_SESSION) and $_SESSION["admin"] == 1) {    print "You are an admin. The credentials for the next level are:<br>";    print "<pre>Username: natas21\n";    print "Password: <censored></pre>";    } So first we can see that there... Continue Reading →

OverTheWire Natas 0-9

Lately I've been working on the Natas challenges again. Been a while since I have but I was surprised at how much easier the challenges were for me now compared to the last time. Here are levels 0 through 9. While these challenges are very basic the later Natas challenges have actually gotten quite intuitive.... Continue Reading →

Reversing Challenge: Snake HTB

To solve this quickly please look at the method stated at the bottom of the page. Firstly we download the zip from HTB and unzip this to obtain the file we will be reversing ‘’. I will be completing this challenge using Kali Linux x64 but it should be very similar on any OS with... Continue Reading →

Poison HackTheBox Notes

As I continue to post my notes for retired boxes you will likely notice a drastic increase in detail. A few boxes were completed when I was just getting into cyber security and since then I have learned a lot in regards to documentation. Simply based off of the name here we can determine this... Continue Reading →

Celestial HackTheBox Notes

This box isn’t too bad and was actually pretty educational. First we started off with an nmap scan, noticing only one port open “3000”. Using the flag -sV we can use banner grabbing to determine what service is running on the port. We then found out it was node.js and a web host. So we... Continue Reading →
