
cheatsheet · 5 min
Cross-Site-Scripting (XSS) – Cheat Sheet
Complete guide to XSS vulnerabilities: types (Reflected, Stored, DOM-Based), filter bypass techniques, and payloads to evade validations and WAFs.
· Pablo Plaza Martínez

writeups · 2 min
Falafel write-up (HackTheBox): High-level Linux machine that exploits SQL injection + PHP type juggling to bypass login, uploads webshell via wget + path truncation, and escalates to root via debugfs in disk group to read /root.
· Manuel López Pérez

writeups · 2 min
Chatterbox write-up (HackTheBox): Easy Windows machine that exploits a buffer overflow in AChat (CVE-2015-8295) to gain RCE, then escalates to SYSTEM by abusing the WinLogon registry and psexec.
· Manuel López Pérez

tutorials · 1 min
Practical guide to creating a fake WiFi access point (Evil Twin / FakeAP) with Wifiphisher. We clone a hotel captive portal, deauthenticate users, and steal credentials. Updated with modern tools and ethical recommendations.
· Pablo Plaza Martínez

writeups · 4 min
Crimestoppers write-up (HackTheBox): high-level Linux machine that exploits LFI with PHP wrappers to read source code, uploads webshell via ZIP wrapper, steals Thunderbird credentials, and obtains root access by reversing a rootkit (mod-rootme) or Apache logs.
· Manuel López Pérez

writeups · 1 min
Valentine write-up (HackTheBox): classic Linux machine that exploits Heartbleed (CVE-2014-0160) to extract Apache's RSA private key, then uses the key to connect via SSH and escalate to root with a vulnerable binary.
· Pablo Plaza Martínez

writeups · 1 min
Canape write-up (HackTheBox). Intermediate Linux machine that exploits an insecure pickle deserialisation in Flask + CouchDB. Includes RCE via pickle payload, CouchDB enumeration, and escalation to root by abusing sudo pip install.
· Manuel López Pérez

tools · 4 min
Updated compilation of the most common and useful reverse shells in pentesting. Includes Bash, Perl, Python, PHP, Ruby, Netcat, and bind shells. Also includes payloads generated with msfvenom and modern tools. Perfect for post-exploitation after obtaining RCE.
· Pablo Plaza Martínez