Hello guys and welcome back for another walkthrough. This time we are going to be tackling a machine from HackMyVm called Hotel, a CTF-like machine where we gain an initial foothold by exploiting a remote code execution (RCE) vulnerability in a web application called HotelDruid. After getting a shell on the box, we find a ttylog file, and using ttyplay we are able to read the file and get the credentials of the user person. We log into the system via SSH as the person user, then exploit a misconfiguration in wkhtmltopdf to get root on the box. It's a really nice challenge, and we are going to be doing a little bit of port forwarding using ngrok. Without much to say, let's jump in.

I recorded a YouTube video of the challenge, and below is the URL you can use to access it:

https://youtu.be/me5OBerXiLs

--

Hello guys and welcome back to my channel. This time I am going to be taking you through a CTF challenge from CTFROOM called insecure. The challenge shows the limitations of using preg_replace() in PHP for match-and-replace operations and how it can be exploited to cause unintended functionality in a web application. It's a really simple and fun challenge, so without much to say, let's jump in.

I recorded a YouTube walkthrough, which can be accessed with the link below:

link