Web Exploitation
-
Strategies for Approaching the Web Category
Is it a web app and is it a known application?
- CVE > Custom module vulnerabilities > Misconfiguration > Information Leak > Accumulated CVEs
Is it a web app and an admin performs some action at intervals?
- XSS almost always (the admin's browser executes your payload) > SSRF + open redirect + CSRF chains
Is it a web app that requests a URL?
- SSRF > AFR (arbitrary file read) > XSS > Code Injection > etc.
Is it a web app that requests a file upload?
- AFU (arbitrary file upload) > Code Injection > Code Execution
Is it a web app with a login panel?
- SQLi > Broken Authentication > Weak Password
Is it a web app with obfuscated or weird JavaScript?
- Web reverse engineering > XSS
Is it a web app with a tabular input form?
- 99% chance of poor man's SQLi
Is it a full app with dozens of endpoints?
- IDOR > Broken Authentication > Vulnerable Sessions > Race Conditions > everything else
-
'*' Technique
A file whose name begins with a dash ('-la', '-w1', or '-rf' for rm) is expanded by the shell when a glob such as 'ls *' is used, and the utility then parses that argument as a command-line option rather than a file name. Any program fed wildcard-expanded names is affected; the classic privilege-escalation case is GNU tar, where files named '--checkpoint=1' and '--checkpoint-action=exec=...' make a cron job running 'tar cf backup.tar *' execute a command. Defence: end option parsing with '--' ('ls -- *') or use a prefix that can never start with a dash ('ls ./*').
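The following shell script is an added example (not code from the original page): it builds a throwaway directory containing a constructed file literally named '-la', shows 'ls *' swallowing that file as an option, and shows 'ls -- *' listing it as a file. The directory path and the function names are the example's own.

```shell
#!/bin/sh
# Wildcard ('*') injection demo, added example (not from the original page).
# A constructed directory holds an ordinary file and a file named "-la";
# "ls *" expands to "ls -la notes.txt", so "-la" is consumed as an option
# instead of being listed as a file.

# Create the constructed sample directory and print its path.
setup_dir() {
    dir=$(mktemp -d)
    printf 'hello\n' > "$dir/notes.txt"
    : > "$dir/-la"                 # file name begins with a dash
    printf '%s\n' "$dir"
}

# Vulnerable pattern: the glob result is passed straight to ls, and the
# shell sorts "-la" before "notes.txt", so ls sees "-la" first.
vulnerable_ls() {
    ( cd "$1" && ls * )
}

# Hardened pattern: "--" ends option parsing, so every glob match is a
# file name. "ls ./*" has the same effect, since "./-la" is not an option.
safe_ls() {
    ( cd "$1" && ls -- * )
}

# Detector: prints "yes" when the "-la" entry is missing from the vulnerable
# listing (it was parsed as an option), "no" when it was listed as a file.
was_treated_as_option() {
    if vulnerable_ls "$1" | grep -qx -- '-la'; then
        echo no
    else
        echo yes
    fi
}

# Stand-alone run: show both listings and clean up.
demo() {
    d=$(setup_dir)
    echo "vulnerable (ls *):";   vulnerable_ls "$d"
    echo "hardened (ls -- *):";  safe_ls "$d"
    rm -rf "$d"
}
demo
```

Run it with 'sh wildcard_demo.sh'. The vulnerable listing prints one long-format line for notes.txt and never mentions '-la'; the hardened listing prints both names. The same '--' or './*' fix applies to rm, chown, chmod, rsync and tar.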
Links & Tools
Hacktricks Search / Hacktricks Wiki - Educational hacking resources
PayloadsAllTheThings (Web) - A list of useful payloads and bypasses
GTFOBins - A list of binaries that can be used to bypass security restrictions
Bypass WAF with Unicode - NFKC / NFKD normalization
Bypassing CSP using polyglot JPEGs - Upload an image that is also valid JavaScript, then inject a script tag whose src points at that image
WebhookSite / RequestBin - Get a URL to collect HTTP or webhook requests
GitDumper - Dump a git repository from a website
InteractSh - DNS/HTTP(S)/SMTP(S)/LDAP Interaction
Subdomain Finder Online / SubFinder - Subdomain enumeration
JWT.io / JWT Debugger - Decode JWT
Cryptography
-
Strategies for Approaching the Crypto Category
Forensics
-
Strategies for Approaching the Forensics Category
-
Links & Tools
Binwalk / Foremost - File carving and recovery
Wayback Archive - Explore saved web pages
Stegano Checklist - CTF Image Steganography Checklist
Aperi'Solve / StegOnline / Steg1 / Steg2 - Online Steganography
Stegseek / StegHide / Zsteg - Tools for steganography
PyRDP - RDP MITM / Converter / Player
Reverse Engineering
-
Strategies for Approaching the Reverse Category
PWN / Binary Exploitation
-
Strategies for Approaching the Pwn Category
-
Links & Tools
OneGadget - Find one gadget RCE in libc.so.6
PwnInit - Automate starting binary exploit challenges
CryptoCat Resources - Scripts & templates
PWN Cookbook
More techniques and detailed explanations will be added continuously!