Skip to main content

Documentation Index

Fetch the complete documentation index at: https://rootea.es/llms.txt

Use this file to discover all available pages before exploring further.

CrossFit

··
Operating systemLinux
DifficultyInsane
IP10.10.10.208
Retirement date
SkillsFTP SSL Certificate Enumeration XSS Injection Subdomain Enumeration through the Origin Header [Access-Control-Allow-Origin] Accessing internal websites through XSS - Creating a javascript file Registering a new user through XSS - CSRF Protection Bypass Uploading a webshell with lftp Cracking Hashes Abusing Cron Job php-shellcommand exploitation - escapeArgs option is not working properly Injecting data into the database to achieve remote command execution (RCE) [User Pivoting] Binary Analysis - dbmsg [GHIDRA] Reversing Creating an exploit - Abusing Rand [Time travel] Abusing symbolic links Injecting our own public key as authorized_keys in /root

Writeups

LanguageAuthorFormatLink
🇪🇸 ESS4vitarVídeoOpen
🇬🇧 EN0xdfTextoOpen
🇬🇧 ENIppSecVídeoOpen

Skill resources

Curated documentation for each technique listed in the Skills column above. Sources: HackTricks, GTFOBins, PortSwigger, etc.
SkillSourceLink
Remote Code Execution (RCE)HackTricksOpen
Cross-Site Scripting (XSS)HackTricksOpen