Cirilla is a Witcher-themed Telegram bot (because why not) written in Python, designed to handle a variety of IT-related tasks. I plan to incorporate some features pertaining to bug bounties in the...

First, we encounter a web server hosting a file upload, that filters for .zip archives that must contain a .pdf file. We can leverage symlinks to basically perform LFI, and read the web applicati...

This Box runs a PHP application within an IIS webserver. There is a SQLi vulnerability that allows us to create a user with a malicious name, and dump the SQL database which ends up containing cr...

We’re first met with a web application running Drupal that leaks a useful directory through the robots.txt file. The file contains a version# for the current Drupal installation that is running o...

This machine starts off with LDAP anonymous bind enabled, leading to the discovery of a user with no kerberos pre-auth required. We perform an AS-REP Roast attack on the user, and are able to acces...