> CTF's
Sometimes the hardest part of a CTF isn’t the exploit itself, but just getting the target to talk to you. After solving the initial connectivity puzzle, I faced a WordPress instance that seemed secure—until...
In the world of pentesting and CTFs, it’s easy to fall into the „script kiddie” trap: you download an exploit, run it, and expect a shell. But what happens when the tool fails? What do...
In this post I’ll describe how I solved a web enumeration CTF challenge. I used several basic scanning and web-application analysis techniques to ultimately retrieve the flag.
1. Basic server reconnaissance
I...