Posts

Room / Challenge: Professor’s View (Web) Metadata Author: jameskaois CTF: CrewCTF 2025 Challenge: Professor’s View (web) Target / URL: https://professors-view.chal.crewc.tf/ Difficulty: Hard Points: 477 Tags: web, xss, sqli, auth, enumeration Date: 21-09-2025 Goal We have to get the flag of the Professor which is showned in his dashboard. My Solution Here is the Source Code Unlike Hate Notes and Love Notes, Professor’s View response is set: Content-Security-Policy: script-src 'self' https://js.hcaptcha.com/1/api.js; style-src 'self'; img-src 'self'; font-src 'none'; connect-src 'none'; media-src 'none'; object-src 'none'; prefetch-src 'none'; frame-ancestors 'none'; form-action 'self'; So from now on we can skip the XSS and CSS Exfiltration. ...

Room / Challenge: Hate Notes (Web) Metadata Author: jameskaois CTF: CrewCTF 2025 Challenge: Hate Notes (web) Target / URL: https://hate-notes.chal.crewc.tf/ Difficulty: Medium Points: 426 Tags: web, xss, sqli, auth, enumeration Date: 21-09-2025 Goal We have to get access to the flag crew{...} in the admin’s note which the bot can view. My Solution Love Notes and Hate Notes share 99% of their code, but Love Notes had many more solutions than Hate Notes: My Solution for Love Notes ...

Room / Challenge: Love Notes (Web) Metadata Author: jameskaois CTF: CrewCTF 2025 Challenge: Love Notes (web) Target / URL: https://love-notes.chal.crewc.tf/ Difficulty: Medium Points: 50 Tags: web, xss, sqli, auth, enumeration Date: 20-09-2025 Goal We have to get access to the flag crew{...} in the admin’s note which the bot can view. My Solution Firstly, you can examine the source code of the Love Notes, here is the link to it Source Code. ...

This is my TryHackMe walkthrough, created to document my learning journey and share solutions with the community. The writeups include a mix of hints, step-by-step explanations, and final answers to help players who get stuck, while still encouraging independent problem-solving. SQL Injection Room - Learn how to detect and exploit SQL Injection vulnerabilities Overview Room URL: https://tryhackme.com/room/sqlinjectionlm Difficulty: Medium Time to complete: 30 Walkthrough 1. Brief What does SQL stand for? => Answer: Structured Query Language ...

This is my TryHackMe walkthrough, created to document my learning journey and share solutions with the community. The writeups include a mix of hints, step-by-step explanations, and final answers to help players who get stuck, while still encouraging independent problem-solving. Detecting Web Attacks Room - Explore web attacks and detection methods through log and network traffic analysis. Overview Room URL: https://tryhackme.com/room/detectingwebattacks Difficulty: Easy Time to complete: 60 Walkthrough 1. Introduction No hints needed! ...

This is my TryHackMe walkthrough, created to document my learning journey and share solutions with the community. The writeups include a mix of hints, step-by-step explanations, and final answers to help players who get stuck, while still encouraging independent problem-solving. OWASP Top 10 2021 Room - Learn about and exploit each of the OWASP Top 10 vulnerabilities; the 10 most critical web security risks. Overview Room URL: https://tryhackme.com/room/owasptop102021 Difficulty: Easy Time to complete: 120 Walkthrough 1. Introduction No hints needed! ...

This is my TryHackMe walkthrough, created to document my learning journey and share solutions with the community. The writeups include a mix of hints, step-by-step explanations, and final answers to help players who get stuck, while still encouraging independent problem-solving. Intro to Digital Forensics Room - Learn about digital forensics and related processes and experiment with a practical example. Overview Room URL: https://tryhackme.com/room/introdigitalforensics Difficulty: Easy Time to complete: 90 Walkthrough 1. Introduction To Digital Forensics Consider the desk in the photo above. In addition to the smartphone, camera, and SD cards, what would be interesting for digital forensics? ...

This is my TryHackMe walkthrough, created to document my learning journey and share solutions with the community. The writeups include a mix of hints, step-by-step explanations, and final answers to help players who get stuck, while still encouraging independent problem-solving. Advent of Cyber 2024 Room - Dive into the wonderful world of cyber security by engaging in festive beginner-friendly exercises every day in the lead-up to Christmas! Overview Room URL: https://tryhackme.com/room/adventofcyber2024 Difficulty: Easy Time to complete: 1440 Walkthrough 1. Introduction Welcome to Advent of Cyber 2024 No hints needed! ...

This is my TryHackMe walkthrough, created to document my learning journey and share solutions with the community. The writeups include a mix of hints, step-by-step explanations, and final answers to help players who get stuck, while still encouraging independent problem-solving. Hydra Room - Learn about and use Hydra, a fast network logon cracker, to bruteforce and obtain a website’s credentials. Overview Room URL: https://tryhackme.com/room/hydra Difficulty: Easy Time to complete: 45 Walkthrough 1. Hydra Introduction No hints needed! ...

This is my TryHackMe walkthrough, created to document my learning journey and share solutions with the community. The writeups include a mix of hints, step-by-step explanations, and final answers to help players who get stuck, while still encouraging independent problem-solving. Network Services 2 Room - Enumerating and Exploiting More Common Network Services & Misconfigurations Overview Room URL: https://tryhackme.com/room/networkservices2 Difficulty: Easy Time to complete: 60 Walkthrough 1. Get Connected No hints needed! ...