Red team
PHP serialisation
Green team
Blue team
Purple team
Indigo team
Contact
Initializing search
Red team
Fox stealth.
Raccoon grit.
Squirrel-
level entitlement.
Fox stealth.
Raccoon grit.
Squirrel-
level entitlement.
IN:
Where the falcons and foxes roam
IN:
Where the falcons and foxes roam
Swoop like falcons, silent, precise, and lethally patient
Fox hunting through the digital wilds
A canopy of apple-
blossom
A canopy of apple-
blossom
Field notes from the fragrant branches of web app exploitation
Portswigger Academy labs:
Controlled burn
Root-
me:
Orchard foraging
Root-
me:
Orchard foraging
Root-
Me Web client challenges
Root-
Me Web server challenges
Root-
Me Web server challenges
Insecure code management
Directory traversal
File upload:
null byte
PHP assert
()
PHP Filters
PHP Register globals
JWT Introduction
JWT
(not) revoked token
JWT weak secret
Python:
Server-
side Template Injection Introduction
Command injection:
filter bypass
Java:
Server-
side Template Injection
(SSTI)
Local file inclusion
Local file inclusion:
double encoding
PHP preg_
replace
PHP type juggling
SQL injection:
authentication
SQL injection:
string
XSLT code execution
PHP path truncation
PHP serialisation
SQL injection:
numeric
SQL injection:
routed
SQL truncation
XPath injection:
authentication
SQL injection:
time-
based
Petals and pentesting priorities
Getting a foothold in the top of the world tree
Hack the planet? Nah, just hold the door for me
Where wild boars plough through endpoints
Wolverines do not ask for permissions
Riches in the ground
THROUGH:
Where the raccoons burrow and rummage
OUT:
Where squirrels swipe the crown jewels
Myrddin’s Menagerie
PHP serialisation
¶
root-me challenge PHP - Serialization
: Get administrator access.
Back to top
