14.4.2

October 2, 2025

Earlier, we used the escape variable to detect if the target is running EJS. We can also use this variable to obtain RCE with some additional payload modifications. Find how to obtain RCE by pollut...

14.2.3 (P)

October 2, 2025

Find a value (other than toString) that will crash the application when it is set in the prototype.

13.7.1

October 2, 2025

The current reverse shell isn't fully interactive and can cause the gateway to hang. Upgrade to a fully interactive shell.

13.6.2

October 2, 2025

Create a web server in your choice of programming language to handle the JavaScript callbacks and automatically URL-decode the data.

13.6.1

October 2, 2025

Modify the JavaScript function to avoid data truncation by sending the data in multiple requests if the data is longer than 1024 characters.

13.4.5 (Incomplete)

October 2, 2025

Create a second script that enumerates based on host name. Try using the script to identify the live hosts.

« Prev 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 Next »