Posts by Tag

• ctf 36
• Writeup 33
• Linux 25
• Windows 11
• Web Security 10
• CVE 9
• Web-Enumeration 9
• Web 7
• XSS 7
• SQLI 6
• SSTI 4
• Pentesting Web 4
• IDOR 4
• API 3
• Docker 3
• JWT 3
• Reflected XSS 3
• Penetration Testing 3
• BadPod 2
• Kubernetes 2
• Web-Fuzzing 2
• XXE 2
• Git 2
• Crontab 2
• RPC-Enum 2
• Null-Session 2
• ASREPRoast 2
• MSSQL 2
• Kerberos 2
• SQUID 2
• BruteForce 2
• SMB-Enumeration 2
• RCE 2
• SUID 2
• Capabilities 2
• Deserialization 2
• Web-Enum 2
• Pivoting 2
• Active Directory 2
• Manual Explotation 2
• Information Gathering 2
• Reconnaissance 2
• Exploit Development 2
• Insecure Direct Object Reference 2
• H6Web 2
• Tesla 2
• Teslamate 2
• Privacy 2
• Data Exposure 2
• OSINT 2
• Cybersecurity 2
• Firebase 2
• NoSQL Security 2
• Firestore 2
• Configuration Error 2
• Database Security 2
• API Vulnerability 2
• Score Manipulation 2
• Game Hacking 2
• HTTP Requests 2
• JavaScript Hacking 2
• T-Rex Game 2
• Browser Exploitation 2
• Game Manipulation 2
• Anti-Cheat Systems 2
• Government 2
• WAF Bypass 2
• SVG Injection 2
• MCP 2
• Model Context Protocol 2
• Stored XSS 2
• HTML Injection 2
• MCP Server 2
• MCPwn 2
• certificates 1
• WriteUp 1
• Data Exfiltration 1
• AD 1
• SMB 1
• Virtual_Hosting 1
• Pre_Replace 1
• PIVOTING 1
• Scripting 1
• PasswordLeaked 1
• Account Operators 1
• WriteDacl 1
• git-leak 1
• MicroK8s 1
• Web_Enumeration 1
• NTLMv2 1
• xp_cmdshell 1
• Cached GPP Files 1
• Azure 1
• Group-Abuse 1
• AI 1
• JDWP 1
• PoC 1
• DLL 1
• Potato 1
• Username-Enumeration 1
• LogPoison 1
• SeImpersonatePrivilege 1
• Sudo-Abuse 1
• Grafana 1
• Direcctory-Traversal 1
• Consul-Exploit 1
• MySQL 1
• SQLITE3 1
• ForceChangePassword 1
• LSASS-DUMP 1
• Backup-Operators 1
• TFPT 1
• Suedoedit 1
• Tar 1
• BGP-Hijack 1
• NFS 1
• Web-Shell 1
• Magic-Cookies 1
• X11 1
• NoSQLI 1
• Password-Reuse 1
• GIT 1
• Open-Redirect 1
• OTP 1
• SMTP 1
• PCAP 1
• Deserialization-Attack 1
• Read-Logs 1
• SCF-File 1
• CA-Certificate 1
• Kerberoasting 1
• DCSync 1
• AppArmor 1
• CouchDB 1
• NoSQL 1
• Data-Exposure 1
• Mongo 1
• WebShell 1
• Moodle 1
• Python-Script 1
• Privesc 1
• Jenkins 1
• Web Pentesting 1
• Seguridad Gubernamental 1
• Government Security 1
• Security Testing 1
• Vulnerability Assessment 1
• Pruebas de Seguridad 1
• Pentesting 1
• Evaluación de Vulnerabilidades 1

ctf

Builder HTB - WriteUp

April 23, 2024  

WriteUp de la máquina Builder de HTB.

ctf Linux Jenkins CVE Web

GoodGames HTB - WriteUp

March 26, 2023  

WriteUp de la máquina GoodGames de HTB.

ctf Linux Writeup Web-Enum SQLI SSTI Docker Privesc

Teacher HTB - WriteUp

March 17, 2023  

WriteUp de la máquina Teacher de HTB.

ctf Linux Writeup Web-Enum Moodle Python-Script CVE

TheNoteBook HTB - WriteUp

March 16, 2023  

WriteUp de la máquina TheNoteBook de HTB.

ctf Linux Writeup Web JWT WebShell Docker

NodeBlog HTB - WriteUp

March 15, 2023  

WriteUp de la máquina NodeBlog de HTB.

ctf Linux Writeup Web NoSQL XXE Deserialization Data-Exposure Mongo

Canape HTB - WriteUp

March 14, 2023  

WriteUp de la máquina Canape de HTB.

ctf Linux Writeup Web Git Deserialization CouchDB

Nunchucks HTB - WriteUp

March 13, 2023  

WriteUp de la máquina Nunchucks de HTB.

ctf Linux Writeup Web-Enumeration SSTI Capabilities AppArmor

Sizzle HTB - WriteUp

March 12, 2023  

WriteUp de la máquina Sizzle de HTB.

ctf Windows Writeup SMB-Enumeration SCF-File Web-Enumeration CA-Certificate Kerberoasting DCSync

Backend HTB - WriteUp

March 09, 2023  

WriteUp de la máquina Backend de HTB.

ctf Linux Writeup Web-Enumeration Web-Fuzzing API Read-Logs

Celestial HTB - WriteUp

March 08, 2023  

WriteUp de la máquina Celestial de HTB.

ctf Linux Writeup Web-Enumeration Deserialization-Attack Crontab

Cap HTB - WriteUp

March 07, 2023  

WriteUp de la máquina Cap de HTB.

ctf Linux Writeup Web-Enumeration PCAP Capabilities

WebHackingPlayground - WriteUp

March 06, 2023  

WriteUp de WebHackingPlayground creado por Takito.

ctf Web Writeup JWT XSS Open-Redirect OTP SSTI SMTP

Secret HTB - WriteUp

March 05, 2023  

WriteUp de la máquina Secret de HTB.

ctf Linux Writeup Web-Enumeration API JWT GIT RCE SUID

Mango HTB - WriteUp

March 04, 2023  

WriteUp de la máquina Mango de HTB.

ctf Linux Writeup Web-Enumeration NoSQLI Password-Reuse SUID

Squashed HTB - WriteUp

March 03, 2023  

WriteUp de la máquina Squashed de HTB.

ctf Linux Writeup NFS Web-Shell Magic-Cookies X11

Carrier HTB - WriteUp

March 03, 2023  

WriteUp de la máquina Carrier de HTB.

ctf Linux Writeup Web-Enumeration RCE BGP-Hijack

Joker HTB - WriteUp

March 02, 2023  

WriteUp de la máquina Joker de HTB.

ctf Linux Writeup SQUID TFPT Web-Enumeration Suedoedit Tar

Blackfield HTB - WriteUp

March 01, 2023  

WriteUp de la máquina Blackfield de HTB.

ctf Windows Writeup SMB-Enumeration ASREPRoast ForceChangePassword LSASS-DUMP Backup-Operators

Ambassador HTB - WriteUp

March 01, 2023  

WriteUp de la máquina Ambassador de HTB.

ctf Linux Writeup Grafana Direcctory-Traversal Consul-Exploit MySQL SQLITE3

Knife HTB - WriteUp

February 28, 2023  

WriteUp de la máquina Knife de HTB.

ctf Linux Writeup Web CVE Sudo-Abuse

Bart HTB - WriteUp

February 28, 2023  

WriteUp de la máquina Bart de HTB.

ctf Windows Writeup Web Username-Enumeration BruteForce LogPoison SeImpersonatePrivilege

AI HTB - WriteUp

February 27, 2023  

WriteUp de la máquina AI de HTB.

ctf Linux Writeup AI SQLI JDWP

Monteverde HTB - WriteUp

February 26, 2023  

WriteUp de la máquina Monteverde de HTB.

ctf Windows Writeup RPC-Enum Null-Session BruteForce Azure Group-Abuse

Querier HTB - WriteUp

February 23, 2023  

WriteUp de la máquina Querier de HTB.

ctf Windows Writeup MSSQL NTLMv2 xp_cmdshell Cached GPP Files

Tentacle HTB - WriteUp

February 22, 2023  

WriteUp de la máquina Tentacle de HTB.

ctf Linux Writeup SQUID CVE Kerberos

Mantis HTB - WriteUp

February 22, 2023  

WriteUp de la máquina Mantis de HTB.

ctf Windows Writeup Web_Enumeration MSSQL Kerberos

Frank & Herby THM - WriteUp

February 22, 2023  

WriteUp de la máquina Frank & Herby de THM.

ctf BadPod Writeup git-leak MicroK8s Kubernetes

Forest HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Forest de HTB.

ctf Windows Writeup RPC-Enum Null-Session ASREPRoast Account Operators WriteDacl

Validation HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Validation de HTB.

ctf Linux Writeup SQLI Scripting PasswordLeaked

Oz HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Oz de HTB.

ctf Linux Writeup Docker SSTI PIVOTING SQLI

Europa HTB - WriteUp

February 19, 2023  

WriteUp de la máquina Europa de HTB.

ctf Linux Writeup Virtual_Hosting SQLI Pre_Replace Crontab

DevOops HTB - WriteUp

February 19, 2023  

WriteUp de la máquina DevOops de HTB.

ctf Linux Writeup Web-Fuzzing XXE Git

Active HTB - WriteUp

February 18, 2023  

WriteUp de la máquina Active de HTB.

ctf Windows Writeup AD SMB

SteamCloud HTB - WriteUp

February 16, 2023  

WriteUp de la máquina SteamCloud de HTB.

ctf BadPod Writeup API Kubernetes

DarkHole:2 - WriteUp

January 24, 2023  

WriteUp de la máquina DarkHole:2 de Vulnhub.

ctf WriteUp SQLI Data Exfiltration

eWPT - Review

January 12, 2023  

Esto es una review de la certificación de Elearn Security, donde os cuento mi experiencia.

ctf certificates

Back to Top ↑

Writeup

GoodGames HTB - WriteUp

March 26, 2023  

WriteUp de la máquina GoodGames de HTB.

ctf Linux Writeup Web-Enum SQLI SSTI Docker Privesc

Teacher HTB - WriteUp

March 17, 2023  

WriteUp de la máquina Teacher de HTB.

ctf Linux Writeup Web-Enum Moodle Python-Script CVE

TheNoteBook HTB - WriteUp

March 16, 2023  

WriteUp de la máquina TheNoteBook de HTB.

ctf Linux Writeup Web JWT WebShell Docker

NodeBlog HTB - WriteUp

March 15, 2023  

WriteUp de la máquina NodeBlog de HTB.

ctf Linux Writeup Web NoSQL XXE Deserialization Data-Exposure Mongo

Canape HTB - WriteUp

March 14, 2023  

WriteUp de la máquina Canape de HTB.

ctf Linux Writeup Web Git Deserialization CouchDB

Nunchucks HTB - WriteUp

March 13, 2023  

WriteUp de la máquina Nunchucks de HTB.

ctf Linux Writeup Web-Enumeration SSTI Capabilities AppArmor

Sizzle HTB - WriteUp

March 12, 2023  

WriteUp de la máquina Sizzle de HTB.

ctf Windows Writeup SMB-Enumeration SCF-File Web-Enumeration CA-Certificate Kerberoasting DCSync

Backend HTB - WriteUp

March 09, 2023  

WriteUp de la máquina Backend de HTB.

ctf Linux Writeup Web-Enumeration Web-Fuzzing API Read-Logs

Celestial HTB - WriteUp

March 08, 2023  

WriteUp de la máquina Celestial de HTB.

ctf Linux Writeup Web-Enumeration Deserialization-Attack Crontab

Cap HTB - WriteUp

March 07, 2023  

WriteUp de la máquina Cap de HTB.

ctf Linux Writeup Web-Enumeration PCAP Capabilities

WebHackingPlayground - WriteUp

March 06, 2023  

WriteUp de WebHackingPlayground creado por Takito.

ctf Web Writeup JWT XSS Open-Redirect OTP SSTI SMTP

Secret HTB - WriteUp

March 05, 2023  

WriteUp de la máquina Secret de HTB.

ctf Linux Writeup Web-Enumeration API JWT GIT RCE SUID

Mango HTB - WriteUp

March 04, 2023  

WriteUp de la máquina Mango de HTB.

ctf Linux Writeup Web-Enumeration NoSQLI Password-Reuse SUID

Squashed HTB - WriteUp

March 03, 2023  

WriteUp de la máquina Squashed de HTB.

ctf Linux Writeup NFS Web-Shell Magic-Cookies X11

Carrier HTB - WriteUp

March 03, 2023  

WriteUp de la máquina Carrier de HTB.

ctf Linux Writeup Web-Enumeration RCE BGP-Hijack

Joker HTB - WriteUp

March 02, 2023  

WriteUp de la máquina Joker de HTB.

ctf Linux Writeup SQUID TFPT Web-Enumeration Suedoedit Tar

Blackfield HTB - WriteUp

March 01, 2023  

WriteUp de la máquina Blackfield de HTB.

ctf Windows Writeup SMB-Enumeration ASREPRoast ForceChangePassword LSASS-DUMP Backup-Operators

Ambassador HTB - WriteUp

March 01, 2023  

WriteUp de la máquina Ambassador de HTB.

ctf Linux Writeup Grafana Direcctory-Traversal Consul-Exploit MySQL SQLITE3

Knife HTB - WriteUp

February 28, 2023  

WriteUp de la máquina Knife de HTB.

ctf Linux Writeup Web CVE Sudo-Abuse

Bart HTB - WriteUp

February 28, 2023  

WriteUp de la máquina Bart de HTB.

ctf Windows Writeup Web Username-Enumeration BruteForce LogPoison SeImpersonatePrivilege

AI HTB - WriteUp

February 27, 2023  

WriteUp de la máquina AI de HTB.

ctf Linux Writeup AI SQLI JDWP

Monteverde HTB - WriteUp

February 26, 2023  

WriteUp de la máquina Monteverde de HTB.

ctf Windows Writeup RPC-Enum Null-Session BruteForce Azure Group-Abuse

Querier HTB - WriteUp

February 23, 2023  

WriteUp de la máquina Querier de HTB.

ctf Windows Writeup MSSQL NTLMv2 xp_cmdshell Cached GPP Files

Tentacle HTB - WriteUp

February 22, 2023  

WriteUp de la máquina Tentacle de HTB.

ctf Linux Writeup SQUID CVE Kerberos

Mantis HTB - WriteUp

February 22, 2023  

WriteUp de la máquina Mantis de HTB.

ctf Windows Writeup Web_Enumeration MSSQL Kerberos

Frank & Herby THM - WriteUp

February 22, 2023  

WriteUp de la máquina Frank & Herby de THM.

ctf BadPod Writeup git-leak MicroK8s Kubernetes

Forest HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Forest de HTB.

ctf Windows Writeup RPC-Enum Null-Session ASREPRoast Account Operators WriteDacl

Validation HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Validation de HTB.

ctf Linux Writeup SQLI Scripting PasswordLeaked

Oz HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Oz de HTB.

ctf Linux Writeup Docker SSTI PIVOTING SQLI

Europa HTB - WriteUp

February 19, 2023  

WriteUp de la máquina Europa de HTB.

ctf Linux Writeup Virtual_Hosting SQLI Pre_Replace Crontab

DevOops HTB - WriteUp

February 19, 2023  

WriteUp de la máquina DevOops de HTB.

ctf Linux Writeup Web-Fuzzing XXE Git

Active HTB - WriteUp

February 18, 2023  

WriteUp de la máquina Active de HTB.

ctf Windows Writeup AD SMB

SteamCloud HTB - WriteUp

February 16, 2023  

WriteUp de la máquina SteamCloud de HTB.

ctf BadPod Writeup API Kubernetes

Back to Top ↑

Linux

Review[ES] - eCPPTv3

July 04, 2024  

Información, tips, cosas negativas y positivas sobre el eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Review[EN] - eCPPTv3

July 04, 2024  

Information, tips, negative and positive things about eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Builder HTB - WriteUp

April 23, 2024  

WriteUp de la máquina Builder de HTB.

ctf Linux Jenkins CVE Web

GoodGames HTB - WriteUp

March 26, 2023  

WriteUp de la máquina GoodGames de HTB.

ctf Linux Writeup Web-Enum SQLI SSTI Docker Privesc

Teacher HTB - WriteUp

March 17, 2023  

WriteUp de la máquina Teacher de HTB.

ctf Linux Writeup Web-Enum Moodle Python-Script CVE

TheNoteBook HTB - WriteUp

March 16, 2023  

WriteUp de la máquina TheNoteBook de HTB.

ctf Linux Writeup Web JWT WebShell Docker

NodeBlog HTB - WriteUp

March 15, 2023  

WriteUp de la máquina NodeBlog de HTB.

ctf Linux Writeup Web NoSQL XXE Deserialization Data-Exposure Mongo

Canape HTB - WriteUp

March 14, 2023  

WriteUp de la máquina Canape de HTB.

ctf Linux Writeup Web Git Deserialization CouchDB

Nunchucks HTB - WriteUp

March 13, 2023  

WriteUp de la máquina Nunchucks de HTB.

ctf Linux Writeup Web-Enumeration SSTI Capabilities AppArmor

Backend HTB - WriteUp

March 09, 2023  

WriteUp de la máquina Backend de HTB.

ctf Linux Writeup Web-Enumeration Web-Fuzzing API Read-Logs

Celestial HTB - WriteUp

March 08, 2023  

WriteUp de la máquina Celestial de HTB.

ctf Linux Writeup Web-Enumeration Deserialization-Attack Crontab

Cap HTB - WriteUp

March 07, 2023  

WriteUp de la máquina Cap de HTB.

ctf Linux Writeup Web-Enumeration PCAP Capabilities

Secret HTB - WriteUp

March 05, 2023  

WriteUp de la máquina Secret de HTB.

ctf Linux Writeup Web-Enumeration API JWT GIT RCE SUID

Mango HTB - WriteUp

March 04, 2023  

WriteUp de la máquina Mango de HTB.

ctf Linux Writeup Web-Enumeration NoSQLI Password-Reuse SUID

Squashed HTB - WriteUp

March 03, 2023  

WriteUp de la máquina Squashed de HTB.

ctf Linux Writeup NFS Web-Shell Magic-Cookies X11

Carrier HTB - WriteUp

March 03, 2023  

WriteUp de la máquina Carrier de HTB.

ctf Linux Writeup Web-Enumeration RCE BGP-Hijack

Joker HTB - WriteUp

March 02, 2023  

WriteUp de la máquina Joker de HTB.

ctf Linux Writeup SQUID TFPT Web-Enumeration Suedoedit Tar

Ambassador HTB - WriteUp

March 01, 2023  

WriteUp de la máquina Ambassador de HTB.

ctf Linux Writeup Grafana Direcctory-Traversal Consul-Exploit MySQL SQLITE3

Knife HTB - WriteUp

February 28, 2023  

WriteUp de la máquina Knife de HTB.

ctf Linux Writeup Web CVE Sudo-Abuse

AI HTB - WriteUp

February 27, 2023  

WriteUp de la máquina AI de HTB.

ctf Linux Writeup AI SQLI JDWP

Tentacle HTB - WriteUp

February 22, 2023  

WriteUp de la máquina Tentacle de HTB.

ctf Linux Writeup SQUID CVE Kerberos

Validation HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Validation de HTB.

ctf Linux Writeup SQLI Scripting PasswordLeaked

Oz HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Oz de HTB.

ctf Linux Writeup Docker SSTI PIVOTING SQLI

Europa HTB - WriteUp

February 19, 2023  

WriteUp de la máquina Europa de HTB.

ctf Linux Writeup Virtual_Hosting SQLI Pre_Replace Crontab

DevOops HTB - WriteUp

February 19, 2023  

WriteUp de la máquina DevOops de HTB.

ctf Linux Writeup Web-Fuzzing XXE Git

Back to Top ↑

Windows

Review[ES] - eCPPTv3

July 04, 2024  

Información, tips, cosas negativas y positivas sobre el eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Review[EN] - eCPPTv3

July 04, 2024  

Information, tips, negative and positive things about eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Sizzle HTB - WriteUp

March 12, 2023  

WriteUp de la máquina Sizzle de HTB.

ctf Windows Writeup SMB-Enumeration SCF-File Web-Enumeration CA-Certificate Kerberoasting DCSync

Blackfield HTB - WriteUp

March 01, 2023  

WriteUp de la máquina Blackfield de HTB.

ctf Windows Writeup SMB-Enumeration ASREPRoast ForceChangePassword LSASS-DUMP Backup-Operators

Bart HTB - WriteUp

February 28, 2023  

WriteUp de la máquina Bart de HTB.

ctf Windows Writeup Web Username-Enumeration BruteForce LogPoison SeImpersonatePrivilege

LocalPotato-CVE-2023-21746

February 27, 2023  

Explotando el PoC de LocalPotato-CVE-2023-21746.

PoC Windows CVE DLL Potato

Monteverde HTB - WriteUp

February 26, 2023  

WriteUp de la máquina Monteverde de HTB.

ctf Windows Writeup RPC-Enum Null-Session BruteForce Azure Group-Abuse

Querier HTB - WriteUp

February 23, 2023  

WriteUp de la máquina Querier de HTB.

ctf Windows Writeup MSSQL NTLMv2 xp_cmdshell Cached GPP Files

Mantis HTB - WriteUp

February 22, 2023  

WriteUp de la máquina Mantis de HTB.

ctf Windows Writeup Web_Enumeration MSSQL Kerberos

Forest HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Forest de HTB.

ctf Windows Writeup RPC-Enum Null-Session ASREPRoast Account Operators WriteDacl

Active HTB - WriteUp

February 18, 2023  

WriteUp de la máquina Active de HTB.

ctf Windows Writeup AD SMB

Back to Top ↑

Web Security

Vulnerabilidad XSS Almacenada en Servicio MCP de Deployment HTML: Análisis Técnico Completo

September 10, 2025  

Análisis técnico detallado de vulnerabilidad XSS almacenada crítica descubierta mediante MCPwn en servicio MCP de deployment. Incluye explotación paso a paso, respuestas del sistema y evaluación de impacto.

XSS Stored XSS HTML Injection Web Security MCP Server MCPwn

Stored XSS Vulnerability in MCP HTML Deployment Service: Technical Analysis

September 10, 2025  

Detailed technical analysis of critical stored XSS vulnerability discovered using MCPwn in MCP deployment service. Includes step-by-step exploitation, system responses, and impact assessment.

XSS Stored XSS HTML Injection Web Security MCP Server MCPwn

Bypass de XSS Filter en Aplicación de Educación: Técnicas con SVG

August 26, 2025  

Análisis de un bypass exitoso de filtro XSS en una aplicación web de educación utilizando elementos SVG con handlers de eventos, demostrando limitaciones en sistemas de filtrado de contenido.

XSS WAF Bypass SVG Injection Web Security Penetration Testing

XSS Filter Bypass in Educational Web Application: SVG-Based Techniques

August 26, 2025  

Analysis of a successful XSS filter bypass in an educational web application using SVG elements with event handlers, demonstrating limitations in content filtering systems.

XSS WAF Bypass SVG Injection Web Security Penetration Testing

Vulnerabilities in Government Services: XSS and IDOR in Digital Platforms

August 21, 2025  

Analysis of multiple security vulnerabilities found in government digital platforms, including reflected XSS and IDOR exposing private citizen conversations.

XSS IDOR Web Security Government Government Security CVE

Vulnerabilidades en Servicios Gubernamentales: XSS e IDOR en Plataformas Fiscales

August 21, 2025  

Análisis de múltiples vulnerabilidades de seguridad encontradas en plataformas digitales gubernamentales, incluyendo XSS reflejados e IDOR que expone conversaciones privadas de ciudadanos.

XSS IDOR Web Security Government Seguridad Gubernamental CVE

Hacking Flappy Bird: How to Manipulate Scores Without Playing

August 21, 2025  

Vulnerability analysis in the popular online Flappy Bird game that allows score manipulation through direct HTTP requests, completely bypassing game logic.

Web Security API Vulnerability Score Manipulation Game Hacking HTTP Requests

Hackeando Flappy Bird: Cómo Manipular Puntuaciones sin Jugar

August 21, 2025  

Análisis de vulnerabilidad en el popular juego Flappy Bird online que permite manipular puntuaciones mediante requests HTTP directas, burlando completamente la lógica del juego.

Web Security API Vulnerability Score Manipulation Game Hacking HTTP Requests

Firebase Exposed: When Insecure Configurations Compromise Educational Platforms

August 21, 2025  

Analysis of critical vulnerabilities in Firebase configurations that allow user data manipulation, personal information exposure, and unauthorized access to scoring systems.

Firebase NoSQL Security Firestore Web Security Configuration Error Database Security

Firebase Expuesto: Cuando las Configuraciones Inseguras Comprometen Plataformas Educativas

August 21, 2025  

Análisis de vulnerabilidades críticas en configuraciones de Firebase que permiten manipulación de datos de usuarios, exposición de información personal y acceso no autorizado a sistemas de puntuación.

Firebase NoSQL Security Firestore Web Security Configuration Error Database Security

Back to Top ↑

CVE

Vulnerabilities in Government Services: XSS and IDOR in Digital Platforms

August 21, 2025  

Analysis of multiple security vulnerabilities found in government digital platforms, including reflected XSS and IDOR exposing private citizen conversations.

XSS IDOR Web Security Government Government Security CVE

Vulnerabilidades en Servicios Gubernamentales: XSS e IDOR en Plataformas Fiscales

August 21, 2025  

Análisis de múltiples vulnerabilidades de seguridad encontradas en plataformas digitales gubernamentales, incluyendo XSS reflejados e IDOR que expone conversaciones privadas de ciudadanos.

XSS IDOR Web Security Government Seguridad Gubernamental CVE

Analysis of a Vulnerability in H6Web, Hacking Holy Week - My First CVEs

February 13, 2025  

Discovery and analysis of two critical vulnerabilities (IDOR and XSS) in H6Web, resulting in my first assigned CVEs.

Web Pentesting IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Análisis de una Vulnerabilidad en H6Web, hackeando la Semana Santa - Mis Primeros CVEs

February 13, 2025  

Descubrimiento y análisis de dos vulnerabilidades críticas (IDOR y XSS) en H6Web, resultando en mis primeros CVEs asignados.

Pentesting Web IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Builder HTB - WriteUp

April 23, 2024  

WriteUp de la máquina Builder de HTB.

ctf Linux Jenkins CVE Web

Teacher HTB - WriteUp

March 17, 2023  

WriteUp de la máquina Teacher de HTB.

ctf Linux Writeup Web-Enum Moodle Python-Script CVE

Knife HTB - WriteUp

February 28, 2023  

WriteUp de la máquina Knife de HTB.

ctf Linux Writeup Web CVE Sudo-Abuse

LocalPotato-CVE-2023-21746

February 27, 2023  

Explotando el PoC de LocalPotato-CVE-2023-21746.

PoC Windows CVE DLL Potato

Tentacle HTB - WriteUp

February 22, 2023  

WriteUp de la máquina Tentacle de HTB.

ctf Linux Writeup SQUID CVE Kerberos

Back to Top ↑

Web-Enumeration

Nunchucks HTB - WriteUp

March 13, 2023  

WriteUp de la máquina Nunchucks de HTB.

ctf Linux Writeup Web-Enumeration SSTI Capabilities AppArmor

Sizzle HTB - WriteUp

March 12, 2023  

WriteUp de la máquina Sizzle de HTB.

ctf Windows Writeup SMB-Enumeration SCF-File Web-Enumeration CA-Certificate Kerberoasting DCSync

Backend HTB - WriteUp

March 09, 2023  

WriteUp de la máquina Backend de HTB.

ctf Linux Writeup Web-Enumeration Web-Fuzzing API Read-Logs

Celestial HTB - WriteUp

March 08, 2023  

WriteUp de la máquina Celestial de HTB.

ctf Linux Writeup Web-Enumeration Deserialization-Attack Crontab

Cap HTB - WriteUp

March 07, 2023  

WriteUp de la máquina Cap de HTB.

ctf Linux Writeup Web-Enumeration PCAP Capabilities

Secret HTB - WriteUp

March 05, 2023  

WriteUp de la máquina Secret de HTB.

ctf Linux Writeup Web-Enumeration API JWT GIT RCE SUID

Mango HTB - WriteUp

March 04, 2023  

WriteUp de la máquina Mango de HTB.

ctf Linux Writeup Web-Enumeration NoSQLI Password-Reuse SUID

Carrier HTB - WriteUp

March 03, 2023  

WriteUp de la máquina Carrier de HTB.

ctf Linux Writeup Web-Enumeration RCE BGP-Hijack

Joker HTB - WriteUp

March 02, 2023  

WriteUp de la máquina Joker de HTB.

ctf Linux Writeup SQUID TFPT Web-Enumeration Suedoedit Tar

Back to Top ↑

Web

Builder HTB - WriteUp

April 23, 2024  

WriteUp de la máquina Builder de HTB.

ctf Linux Jenkins CVE Web

TheNoteBook HTB - WriteUp

March 16, 2023  

WriteUp de la máquina TheNoteBook de HTB.

ctf Linux Writeup Web JWT WebShell Docker

NodeBlog HTB - WriteUp

March 15, 2023  

WriteUp de la máquina NodeBlog de HTB.

ctf Linux Writeup Web NoSQL XXE Deserialization Data-Exposure Mongo

Canape HTB - WriteUp

March 14, 2023  

WriteUp de la máquina Canape de HTB.

ctf Linux Writeup Web Git Deserialization CouchDB

WebHackingPlayground - WriteUp

March 06, 2023  

WriteUp de WebHackingPlayground creado por Takito.

ctf Web Writeup JWT XSS Open-Redirect OTP SSTI SMTP

Knife HTB - WriteUp

February 28, 2023  

WriteUp de la máquina Knife de HTB.

ctf Linux Writeup Web CVE Sudo-Abuse

Bart HTB - WriteUp

February 28, 2023  

WriteUp de la máquina Bart de HTB.

ctf Windows Writeup Web Username-Enumeration BruteForce LogPoison SeImpersonatePrivilege

Back to Top ↑

XSS

Vulnerabilidad XSS Almacenada en Servicio MCP de Deployment HTML: Análisis Técnico Completo

September 10, 2025  

Análisis técnico detallado de vulnerabilidad XSS almacenada crítica descubierta mediante MCPwn en servicio MCP de deployment. Incluye explotación paso a paso, respuestas del sistema y evaluación de impacto.

XSS Stored XSS HTML Injection Web Security MCP Server MCPwn

Stored XSS Vulnerability in MCP HTML Deployment Service: Technical Analysis

September 10, 2025  

Detailed technical analysis of critical stored XSS vulnerability discovered using MCPwn in MCP deployment service. Includes step-by-step exploitation, system responses, and impact assessment.

XSS Stored XSS HTML Injection Web Security MCP Server MCPwn

Bypass de XSS Filter en Aplicación de Educación: Técnicas con SVG

August 26, 2025  

Análisis de un bypass exitoso de filtro XSS en una aplicación web de educación utilizando elementos SVG con handlers de eventos, demostrando limitaciones en sistemas de filtrado de contenido.

XSS WAF Bypass SVG Injection Web Security Penetration Testing

XSS Filter Bypass in Educational Web Application: SVG-Based Techniques

August 26, 2025  

Analysis of a successful XSS filter bypass in an educational web application using SVG elements with event handlers, demonstrating limitations in content filtering systems.

XSS WAF Bypass SVG Injection Web Security Penetration Testing

Vulnerabilities in Government Services: XSS and IDOR in Digital Platforms

August 21, 2025  

Analysis of multiple security vulnerabilities found in government digital platforms, including reflected XSS and IDOR exposing private citizen conversations.

XSS IDOR Web Security Government Government Security CVE

Vulnerabilidades en Servicios Gubernamentales: XSS e IDOR en Plataformas Fiscales

August 21, 2025  

Análisis de múltiples vulnerabilidades de seguridad encontradas en plataformas digitales gubernamentales, incluyendo XSS reflejados e IDOR que expone conversaciones privadas de ciudadanos.

XSS IDOR Web Security Government Seguridad Gubernamental CVE

WebHackingPlayground - WriteUp

March 06, 2023  

WriteUp de WebHackingPlayground creado por Takito.

ctf Web Writeup JWT XSS Open-Redirect OTP SSTI SMTP

Back to Top ↑

SQLI

GoodGames HTB - WriteUp

March 26, 2023  

WriteUp de la máquina GoodGames de HTB.

ctf Linux Writeup Web-Enum SQLI SSTI Docker Privesc

AI HTB - WriteUp

February 27, 2023  

WriteUp de la máquina AI de HTB.

ctf Linux Writeup AI SQLI JDWP

Validation HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Validation de HTB.

ctf Linux Writeup SQLI Scripting PasswordLeaked

Oz HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Oz de HTB.

ctf Linux Writeup Docker SSTI PIVOTING SQLI

Europa HTB - WriteUp

February 19, 2023  

WriteUp de la máquina Europa de HTB.

ctf Linux Writeup Virtual_Hosting SQLI Pre_Replace Crontab

DarkHole:2 - WriteUp

January 24, 2023  

WriteUp de la máquina DarkHole:2 de Vulnhub.

ctf WriteUp SQLI Data Exfiltration

Back to Top ↑

SSTI

GoodGames HTB - WriteUp

March 26, 2023  

WriteUp de la máquina GoodGames de HTB.

ctf Linux Writeup Web-Enum SQLI SSTI Docker Privesc

Nunchucks HTB - WriteUp

March 13, 2023  

WriteUp de la máquina Nunchucks de HTB.

ctf Linux Writeup Web-Enumeration SSTI Capabilities AppArmor

WebHackingPlayground - WriteUp

March 06, 2023  

WriteUp de WebHackingPlayground creado por Takito.

ctf Web Writeup JWT XSS Open-Redirect OTP SSTI SMTP

Oz HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Oz de HTB.

ctf Linux Writeup Docker SSTI PIVOTING SQLI

Back to Top ↑

Pentesting Web

Análisis de una Vulnerabilidad en H6Web, hackeando la Semana Santa - Mis Primeros CVEs

February 13, 2025  

Descubrimiento y análisis de dos vulnerabilidades críticas (IDOR y XSS) en H6Web, resultando en mis primeros CVEs asignados.

Pentesting Web IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Vulnerabilidad XSS Reflejada Encontrada en el Sitio Web de la Agencia Tributaria

September 04, 2024  

Informe de Vulnerabilidad XSS en la Web de la Agencia Tributaria

Pentesting Web Reflected XSS

Review[ES] - eCPPTv3

July 04, 2024  

Información, tips, cosas negativas y positivas sobre el eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Review[EN] - eCPPTv3

July 04, 2024  

Information, tips, negative and positive things about eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Back to Top ↑

IDOR

Vulnerabilities in Government Services: XSS and IDOR in Digital Platforms

August 21, 2025  

Analysis of multiple security vulnerabilities found in government digital platforms, including reflected XSS and IDOR exposing private citizen conversations.

XSS IDOR Web Security Government Government Security CVE

Vulnerabilidades en Servicios Gubernamentales: XSS e IDOR en Plataformas Fiscales

August 21, 2025  

Análisis de múltiples vulnerabilidades de seguridad encontradas en plataformas digitales gubernamentales, incluyendo XSS reflejados e IDOR que expone conversaciones privadas de ciudadanos.

XSS IDOR Web Security Government Seguridad Gubernamental CVE

Analysis of a Vulnerability in H6Web, Hacking Holy Week - My First CVEs

February 13, 2025  

Discovery and analysis of two critical vulnerabilities (IDOR and XSS) in H6Web, resulting in my first assigned CVEs.

Web Pentesting IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Análisis de una Vulnerabilidad en H6Web, hackeando la Semana Santa - Mis Primeros CVEs

February 13, 2025  

Descubrimiento y análisis de dos vulnerabilidades críticas (IDOR y XSS) en H6Web, resultando en mis primeros CVEs asignados.

Pentesting Web IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Back to Top ↑

API

Backend HTB - WriteUp

March 09, 2023  

WriteUp de la máquina Backend de HTB.

ctf Linux Writeup Web-Enumeration Web-Fuzzing API Read-Logs

Secret HTB - WriteUp

March 05, 2023  

WriteUp de la máquina Secret de HTB.

ctf Linux Writeup Web-Enumeration API JWT GIT RCE SUID

SteamCloud HTB - WriteUp

February 16, 2023  

WriteUp de la máquina SteamCloud de HTB.

ctf BadPod Writeup API Kubernetes

Back to Top ↑

Docker

GoodGames HTB - WriteUp

March 26, 2023  

WriteUp de la máquina GoodGames de HTB.

ctf Linux Writeup Web-Enum SQLI SSTI Docker Privesc

TheNoteBook HTB - WriteUp

March 16, 2023  

WriteUp de la máquina TheNoteBook de HTB.

ctf Linux Writeup Web JWT WebShell Docker

Oz HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Oz de HTB.

ctf Linux Writeup Docker SSTI PIVOTING SQLI

Back to Top ↑

JWT

TheNoteBook HTB - WriteUp

March 16, 2023  

WriteUp de la máquina TheNoteBook de HTB.

ctf Linux Writeup Web JWT WebShell Docker

WebHackingPlayground - WriteUp

March 06, 2023  

WriteUp de WebHackingPlayground creado por Takito.

ctf Web Writeup JWT XSS Open-Redirect OTP SSTI SMTP

Secret HTB - WriteUp

March 05, 2023  

WriteUp de la máquina Secret de HTB.

ctf Linux Writeup Web-Enumeration API JWT GIT RCE SUID

Back to Top ↑

Reflected XSS

Analysis of a Vulnerability in H6Web, Hacking Holy Week - My First CVEs

February 13, 2025  

Discovery and analysis of two critical vulnerabilities (IDOR and XSS) in H6Web, resulting in my first assigned CVEs.

Web Pentesting IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Análisis de una Vulnerabilidad en H6Web, hackeando la Semana Santa - Mis Primeros CVEs

February 13, 2025  

Descubrimiento y análisis de dos vulnerabilidades críticas (IDOR y XSS) en H6Web, resultando en mis primeros CVEs asignados.

Pentesting Web IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Vulnerabilidad XSS Reflejada Encontrada en el Sitio Web de la Agencia Tributaria

September 04, 2024  

Informe de Vulnerabilidad XSS en la Web de la Agencia Tributaria

Pentesting Web Reflected XSS

Back to Top ↑

Penetration Testing

MCPwn: Advanced Penetration Testing Tool for Model Context Protocol Servers

September 08, 2025  

Discover MCPwn, a comprehensive security testing tool designed for auditing Model Context Protocol servers. Learn how to identify vulnerabilities, perform automated assessments, and exploit common security flaws in MCP implementations.

MCP Security Testing Penetration Testing Model Context Protocol Vulnerability Assessment

Bypass de XSS Filter en Aplicación de Educación: Técnicas con SVG

August 26, 2025  

Análisis de un bypass exitoso de filtro XSS en una aplicación web de educación utilizando elementos SVG con handlers de eventos, demostrando limitaciones en sistemas de filtrado de contenido.

XSS WAF Bypass SVG Injection Web Security Penetration Testing

XSS Filter Bypass in Educational Web Application: SVG-Based Techniques

August 26, 2025  

Analysis of a successful XSS filter bypass in an educational web application using SVG elements with event handlers, demonstrating limitations in content filtering systems.

XSS WAF Bypass SVG Injection Web Security Penetration Testing

Back to Top ↑

BadPod

Frank & Herby THM - WriteUp

February 22, 2023  

WriteUp de la máquina Frank & Herby de THM.

ctf BadPod Writeup git-leak MicroK8s Kubernetes

SteamCloud HTB - WriteUp

February 16, 2023  

WriteUp de la máquina SteamCloud de HTB.

ctf BadPod Writeup API Kubernetes

Back to Top ↑

Kubernetes

Frank & Herby THM - WriteUp

February 22, 2023  

WriteUp de la máquina Frank & Herby de THM.

ctf BadPod Writeup git-leak MicroK8s Kubernetes

SteamCloud HTB - WriteUp

February 16, 2023  

WriteUp de la máquina SteamCloud de HTB.

ctf BadPod Writeup API Kubernetes

Back to Top ↑

Web-Fuzzing

Backend HTB - WriteUp

March 09, 2023  

WriteUp de la máquina Backend de HTB.

ctf Linux Writeup Web-Enumeration Web-Fuzzing API Read-Logs

DevOops HTB - WriteUp

February 19, 2023  

WriteUp de la máquina DevOops de HTB.

ctf Linux Writeup Web-Fuzzing XXE Git

Back to Top ↑

XXE

NodeBlog HTB - WriteUp

March 15, 2023  

WriteUp de la máquina NodeBlog de HTB.

ctf Linux Writeup Web NoSQL XXE Deserialization Data-Exposure Mongo

DevOops HTB - WriteUp

February 19, 2023  

WriteUp de la máquina DevOops de HTB.

ctf Linux Writeup Web-Fuzzing XXE Git

Back to Top ↑

Git

Canape HTB - WriteUp

March 14, 2023  

WriteUp de la máquina Canape de HTB.

ctf Linux Writeup Web Git Deserialization CouchDB

DevOops HTB - WriteUp

February 19, 2023  

WriteUp de la máquina DevOops de HTB.

ctf Linux Writeup Web-Fuzzing XXE Git

Back to Top ↑

Crontab

Celestial HTB - WriteUp

March 08, 2023  

WriteUp de la máquina Celestial de HTB.

ctf Linux Writeup Web-Enumeration Deserialization-Attack Crontab

Europa HTB - WriteUp

February 19, 2023  

WriteUp de la máquina Europa de HTB.

ctf Linux Writeup Virtual_Hosting SQLI Pre_Replace Crontab

Back to Top ↑

RPC-Enum

Monteverde HTB - WriteUp

February 26, 2023  

WriteUp de la máquina Monteverde de HTB.

ctf Windows Writeup RPC-Enum Null-Session BruteForce Azure Group-Abuse

Forest HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Forest de HTB.

ctf Windows Writeup RPC-Enum Null-Session ASREPRoast Account Operators WriteDacl

Back to Top ↑

Null-Session

Monteverde HTB - WriteUp

February 26, 2023  

WriteUp de la máquina Monteverde de HTB.

ctf Windows Writeup RPC-Enum Null-Session BruteForce Azure Group-Abuse

Forest HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Forest de HTB.

ctf Windows Writeup RPC-Enum Null-Session ASREPRoast Account Operators WriteDacl

Back to Top ↑

ASREPRoast

Blackfield HTB - WriteUp

March 01, 2023  

WriteUp de la máquina Blackfield de HTB.

ctf Windows Writeup SMB-Enumeration ASREPRoast ForceChangePassword LSASS-DUMP Backup-Operators

Forest HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Forest de HTB.

ctf Windows Writeup RPC-Enum Null-Session ASREPRoast Account Operators WriteDacl

Back to Top ↑

MSSQL

Querier HTB - WriteUp

February 23, 2023  

WriteUp de la máquina Querier de HTB.

ctf Windows Writeup MSSQL NTLMv2 xp_cmdshell Cached GPP Files

Mantis HTB - WriteUp

February 22, 2023  

WriteUp de la máquina Mantis de HTB.

ctf Windows Writeup Web_Enumeration MSSQL Kerberos

Back to Top ↑

Kerberos

Tentacle HTB - WriteUp

February 22, 2023  

WriteUp de la máquina Tentacle de HTB.

ctf Linux Writeup SQUID CVE Kerberos

Mantis HTB - WriteUp

February 22, 2023  

WriteUp de la máquina Mantis de HTB.

ctf Windows Writeup Web_Enumeration MSSQL Kerberos

Back to Top ↑

SQUID

Joker HTB - WriteUp

March 02, 2023  

WriteUp de la máquina Joker de HTB.

ctf Linux Writeup SQUID TFPT Web-Enumeration Suedoedit Tar

Tentacle HTB - WriteUp

February 22, 2023  

WriteUp de la máquina Tentacle de HTB.

ctf Linux Writeup SQUID CVE Kerberos

Back to Top ↑

BruteForce

Bart HTB - WriteUp

February 28, 2023  

WriteUp de la máquina Bart de HTB.

ctf Windows Writeup Web Username-Enumeration BruteForce LogPoison SeImpersonatePrivilege

Monteverde HTB - WriteUp

February 26, 2023  

WriteUp de la máquina Monteverde de HTB.

ctf Windows Writeup RPC-Enum Null-Session BruteForce Azure Group-Abuse

Back to Top ↑

SMB-Enumeration

Sizzle HTB - WriteUp

March 12, 2023  

WriteUp de la máquina Sizzle de HTB.

ctf Windows Writeup SMB-Enumeration SCF-File Web-Enumeration CA-Certificate Kerberoasting DCSync

Blackfield HTB - WriteUp

March 01, 2023  

WriteUp de la máquina Blackfield de HTB.

ctf Windows Writeup SMB-Enumeration ASREPRoast ForceChangePassword LSASS-DUMP Backup-Operators

Back to Top ↑

RCE

Secret HTB - WriteUp

March 05, 2023  

WriteUp de la máquina Secret de HTB.

ctf Linux Writeup Web-Enumeration API JWT GIT RCE SUID

Carrier HTB - WriteUp

March 03, 2023  

WriteUp de la máquina Carrier de HTB.

ctf Linux Writeup Web-Enumeration RCE BGP-Hijack

Back to Top ↑

SUID

Secret HTB - WriteUp

March 05, 2023  

WriteUp de la máquina Secret de HTB.

ctf Linux Writeup Web-Enumeration API JWT GIT RCE SUID

Mango HTB - WriteUp

March 04, 2023  

WriteUp de la máquina Mango de HTB.

ctf Linux Writeup Web-Enumeration NoSQLI Password-Reuse SUID

Back to Top ↑

Capabilities

Nunchucks HTB - WriteUp

March 13, 2023  

WriteUp de la máquina Nunchucks de HTB.

ctf Linux Writeup Web-Enumeration SSTI Capabilities AppArmor

Cap HTB - WriteUp

March 07, 2023  

WriteUp de la máquina Cap de HTB.

ctf Linux Writeup Web-Enumeration PCAP Capabilities

Back to Top ↑

Deserialization

NodeBlog HTB - WriteUp

March 15, 2023  

WriteUp de la máquina NodeBlog de HTB.

ctf Linux Writeup Web NoSQL XXE Deserialization Data-Exposure Mongo

Canape HTB - WriteUp

March 14, 2023  

WriteUp de la máquina Canape de HTB.

ctf Linux Writeup Web Git Deserialization CouchDB

Back to Top ↑

Web-Enum

GoodGames HTB - WriteUp

March 26, 2023  

WriteUp de la máquina GoodGames de HTB.

ctf Linux Writeup Web-Enum SQLI SSTI Docker Privesc

Teacher HTB - WriteUp

March 17, 2023  

WriteUp de la máquina Teacher de HTB.

ctf Linux Writeup Web-Enum Moodle Python-Script CVE

Back to Top ↑

Pivoting

Review[ES] - eCPPTv3

July 04, 2024  

Información, tips, cosas negativas y positivas sobre el eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Review[EN] - eCPPTv3

July 04, 2024  

Information, tips, negative and positive things about eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Back to Top ↑

Active Directory

Review[ES] - eCPPTv3

July 04, 2024  

Información, tips, cosas negativas y positivas sobre el eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Review[EN] - eCPPTv3

July 04, 2024  

Information, tips, negative and positive things about eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Back to Top ↑

Manual Explotation

Review[ES] - eCPPTv3

July 04, 2024  

Información, tips, cosas negativas y positivas sobre el eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Review[EN] - eCPPTv3

July 04, 2024  

Information, tips, negative and positive things about eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Back to Top ↑

Information Gathering

Review[ES] - eCPPTv3

July 04, 2024  

Información, tips, cosas negativas y positivas sobre el eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Review[EN] - eCPPTv3

July 04, 2024  

Information, tips, negative and positive things about eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Back to Top ↑

Reconnaissance

Review[ES] - eCPPTv3

July 04, 2024  

Información, tips, cosas negativas y positivas sobre el eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Review[EN] - eCPPTv3

July 04, 2024  

Information, tips, negative and positive things about eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Back to Top ↑

Exploit Development

Review[ES] - eCPPTv3

July 04, 2024  

Información, tips, cosas negativas y positivas sobre el eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Review[EN] - eCPPTv3

July 04, 2024  

Information, tips, negative and positive things about eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Back to Top ↑

Insecure Direct Object Reference

Analysis of a Vulnerability in H6Web, Hacking Holy Week - My First CVEs

February 13, 2025  

Discovery and analysis of two critical vulnerabilities (IDOR and XSS) in H6Web, resulting in my first assigned CVEs.

Web Pentesting IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Análisis de una Vulnerabilidad en H6Web, hackeando la Semana Santa - Mis Primeros CVEs

February 13, 2025  

Descubrimiento y análisis de dos vulnerabilidades críticas (IDOR y XSS) en H6Web, resultando en mis primeros CVEs asignados.

Pentesting Web IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Back to Top ↑

H6Web

Analysis of a Vulnerability in H6Web, Hacking Holy Week - My First CVEs

February 13, 2025  

Discovery and analysis of two critical vulnerabilities (IDOR and XSS) in H6Web, resulting in my first assigned CVEs.

Web Pentesting IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Análisis de una Vulnerabilidad en H6Web, hackeando la Semana Santa - Mis Primeros CVEs

February 13, 2025  

Descubrimiento y análisis de dos vulnerabilidades críticas (IDOR y XSS) en H6Web, resultando en mis primeros CVEs asignados.

Pentesting Web IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Back to Top ↑

Tesla

Teslamate Expuesto: Cuando los Datos de tu Tesla Están al Descubierto

August 20, 2025  

Análisis de cómo las instalaciones mal configuradas de Teslamate están exponiendo datos sensibles de miles de vehículos Tesla en internet, incluyendo ubicaciones, hábitos de conducción y patrones de vida.

Tesla Teslamate Privacy Data Exposure OSINT Cybersecurity

Teslamate Exposed: When Your Tesla Data Is Out in the Open

August 20, 2025  

Analysis of how misconfigured Teslamate installations are exposing sensitive data from thousands of Tesla vehicles on the internet, including locations, driving habits, and life patterns.

Tesla Teslamate Privacy Data Exposure OSINT Cybersecurity

Back to Top ↑

Teslamate

Teslamate Expuesto: Cuando los Datos de tu Tesla Están al Descubierto

August 20, 2025  

Análisis de cómo las instalaciones mal configuradas de Teslamate están exponiendo datos sensibles de miles de vehículos Tesla en internet, incluyendo ubicaciones, hábitos de conducción y patrones de vida.

Tesla Teslamate Privacy Data Exposure OSINT Cybersecurity

Teslamate Exposed: When Your Tesla Data Is Out in the Open

August 20, 2025  

Analysis of how misconfigured Teslamate installations are exposing sensitive data from thousands of Tesla vehicles on the internet, including locations, driving habits, and life patterns.

Tesla Teslamate Privacy Data Exposure OSINT Cybersecurity

Back to Top ↑

Privacy

Teslamate Expuesto: Cuando los Datos de tu Tesla Están al Descubierto

August 20, 2025  

Análisis de cómo las instalaciones mal configuradas de Teslamate están exponiendo datos sensibles de miles de vehículos Tesla en internet, incluyendo ubicaciones, hábitos de conducción y patrones de vida.

Tesla Teslamate Privacy Data Exposure OSINT Cybersecurity

Teslamate Exposed: When Your Tesla Data Is Out in the Open

August 20, 2025  

Analysis of how misconfigured Teslamate installations are exposing sensitive data from thousands of Tesla vehicles on the internet, including locations, driving habits, and life patterns.

Tesla Teslamate Privacy Data Exposure OSINT Cybersecurity

Back to Top ↑

Data Exposure

Teslamate Expuesto: Cuando los Datos de tu Tesla Están al Descubierto

August 20, 2025  

Análisis de cómo las instalaciones mal configuradas de Teslamate están exponiendo datos sensibles de miles de vehículos Tesla en internet, incluyendo ubicaciones, hábitos de conducción y patrones de vida.

Tesla Teslamate Privacy Data Exposure OSINT Cybersecurity

Teslamate Exposed: When Your Tesla Data Is Out in the Open

August 20, 2025  

Analysis of how misconfigured Teslamate installations are exposing sensitive data from thousands of Tesla vehicles on the internet, including locations, driving habits, and life patterns.

Tesla Teslamate Privacy Data Exposure OSINT Cybersecurity

Back to Top ↑

OSINT

Teslamate Expuesto: Cuando los Datos de tu Tesla Están al Descubierto

August 20, 2025  

Análisis de cómo las instalaciones mal configuradas de Teslamate están exponiendo datos sensibles de miles de vehículos Tesla en internet, incluyendo ubicaciones, hábitos de conducción y patrones de vida.

Tesla Teslamate Privacy Data Exposure OSINT Cybersecurity

Teslamate Exposed: When Your Tesla Data Is Out in the Open

August 20, 2025  

Analysis of how misconfigured Teslamate installations are exposing sensitive data from thousands of Tesla vehicles on the internet, including locations, driving habits, and life patterns.

Tesla Teslamate Privacy Data Exposure OSINT Cybersecurity

Back to Top ↑

Cybersecurity

Teslamate Expuesto: Cuando los Datos de tu Tesla Están al Descubierto

August 20, 2025  

Análisis de cómo las instalaciones mal configuradas de Teslamate están exponiendo datos sensibles de miles de vehículos Tesla en internet, incluyendo ubicaciones, hábitos de conducción y patrones de vida.

Tesla Teslamate Privacy Data Exposure OSINT Cybersecurity

Teslamate Exposed: When Your Tesla Data Is Out in the Open

August 20, 2025  

Analysis of how misconfigured Teslamate installations are exposing sensitive data from thousands of Tesla vehicles on the internet, including locations, driving habits, and life patterns.

Tesla Teslamate Privacy Data Exposure OSINT Cybersecurity

Back to Top ↑

Firebase

Firebase Exposed: When Insecure Configurations Compromise Educational Platforms

August 21, 2025  

Analysis of critical vulnerabilities in Firebase configurations that allow user data manipulation, personal information exposure, and unauthorized access to scoring systems.

Firebase NoSQL Security Firestore Web Security Configuration Error Database Security

Firebase Expuesto: Cuando las Configuraciones Inseguras Comprometen Plataformas Educativas

August 21, 2025  

Análisis de vulnerabilidades críticas en configuraciones de Firebase que permiten manipulación de datos de usuarios, exposición de información personal y acceso no autorizado a sistemas de puntuación.

Firebase NoSQL Security Firestore Web Security Configuration Error Database Security

Back to Top ↑

NoSQL Security

Firebase Exposed: When Insecure Configurations Compromise Educational Platforms

August 21, 2025  

Analysis of critical vulnerabilities in Firebase configurations that allow user data manipulation, personal information exposure, and unauthorized access to scoring systems.

Firebase NoSQL Security Firestore Web Security Configuration Error Database Security

Firebase Expuesto: Cuando las Configuraciones Inseguras Comprometen Plataformas Educativas

August 21, 2025  

Análisis de vulnerabilidades críticas en configuraciones de Firebase que permiten manipulación de datos de usuarios, exposición de información personal y acceso no autorizado a sistemas de puntuación.

Firebase NoSQL Security Firestore Web Security Configuration Error Database Security

Back to Top ↑

Firestore

Firebase Exposed: When Insecure Configurations Compromise Educational Platforms

August 21, 2025  

Analysis of critical vulnerabilities in Firebase configurations that allow user data manipulation, personal information exposure, and unauthorized access to scoring systems.

Firebase NoSQL Security Firestore Web Security Configuration Error Database Security

Firebase Expuesto: Cuando las Configuraciones Inseguras Comprometen Plataformas Educativas

August 21, 2025  

Análisis de vulnerabilidades críticas en configuraciones de Firebase que permiten manipulación de datos de usuarios, exposición de información personal y acceso no autorizado a sistemas de puntuación.

Firebase NoSQL Security Firestore Web Security Configuration Error Database Security

Back to Top ↑

Configuration Error

Firebase Exposed: When Insecure Configurations Compromise Educational Platforms

August 21, 2025  

Analysis of critical vulnerabilities in Firebase configurations that allow user data manipulation, personal information exposure, and unauthorized access to scoring systems.

Firebase NoSQL Security Firestore Web Security Configuration Error Database Security

Firebase Expuesto: Cuando las Configuraciones Inseguras Comprometen Plataformas Educativas

August 21, 2025  

Análisis de vulnerabilidades críticas en configuraciones de Firebase que permiten manipulación de datos de usuarios, exposición de información personal y acceso no autorizado a sistemas de puntuación.

Firebase NoSQL Security Firestore Web Security Configuration Error Database Security

Back to Top ↑

Database Security

Firebase Exposed: When Insecure Configurations Compromise Educational Platforms

August 21, 2025  

Analysis of critical vulnerabilities in Firebase configurations that allow user data manipulation, personal information exposure, and unauthorized access to scoring systems.

Firebase NoSQL Security Firestore Web Security Configuration Error Database Security

Firebase Expuesto: Cuando las Configuraciones Inseguras Comprometen Plataformas Educativas

August 21, 2025  

Análisis de vulnerabilidades críticas en configuraciones de Firebase que permiten manipulación de datos de usuarios, exposición de información personal y acceso no autorizado a sistemas de puntuación.

Firebase NoSQL Security Firestore Web Security Configuration Error Database Security

Back to Top ↑

API Vulnerability

Hacking Flappy Bird: How to Manipulate Scores Without Playing

August 21, 2025  

Vulnerability analysis in the popular online Flappy Bird game that allows score manipulation through direct HTTP requests, completely bypassing game logic.

Web Security API Vulnerability Score Manipulation Game Hacking HTTP Requests

Hackeando Flappy Bird: Cómo Manipular Puntuaciones sin Jugar

August 21, 2025  

Análisis de vulnerabilidad en el popular juego Flappy Bird online que permite manipular puntuaciones mediante requests HTTP directas, burlando completamente la lógica del juego.

Web Security API Vulnerability Score Manipulation Game Hacking HTTP Requests

Back to Top ↑

Score Manipulation

Hacking Flappy Bird: How to Manipulate Scores Without Playing

August 21, 2025  

Vulnerability analysis in the popular online Flappy Bird game that allows score manipulation through direct HTTP requests, completely bypassing game logic.

Web Security API Vulnerability Score Manipulation Game Hacking HTTP Requests

Hackeando Flappy Bird: Cómo Manipular Puntuaciones sin Jugar

August 21, 2025  

Análisis de vulnerabilidad en el popular juego Flappy Bird online que permite manipular puntuaciones mediante requests HTTP directas, burlando completamente la lógica del juego.

Web Security API Vulnerability Score Manipulation Game Hacking HTTP Requests

Back to Top ↑

Game Hacking

Hacking Flappy Bird: How to Manipulate Scores Without Playing

August 21, 2025  

Vulnerability analysis in the popular online Flappy Bird game that allows score manipulation through direct HTTP requests, completely bypassing game logic.

Web Security API Vulnerability Score Manipulation Game Hacking HTTP Requests

Hackeando Flappy Bird: Cómo Manipular Puntuaciones sin Jugar

August 21, 2025  

Análisis de vulnerabilidad en el popular juego Flappy Bird online que permite manipular puntuaciones mediante requests HTTP directas, burlando completamente la lógica del juego.

Web Security API Vulnerability Score Manipulation Game Hacking HTTP Requests

Back to Top ↑

HTTP Requests

Hacking Flappy Bird: How to Manipulate Scores Without Playing

August 21, 2025  

Vulnerability analysis in the popular online Flappy Bird game that allows score manipulation through direct HTTP requests, completely bypassing game logic.

Web Security API Vulnerability Score Manipulation Game Hacking HTTP Requests

Hackeando Flappy Bird: Cómo Manipular Puntuaciones sin Jugar

August 21, 2025  

Análisis de vulnerabilidad en el popular juego Flappy Bird online que permite manipular puntuaciones mediante requests HTTP directas, burlando completamente la lógica del juego.

Web Security API Vulnerability Score Manipulation Game Hacking HTTP Requests

Back to Top ↑

JavaScript Hacking

Hacking T-Rex Runner on trex-runner.com: Understanding and Bypassing Anti-Cheat Systems

August 21, 2025  

Complete guide to manipulating the T-Rex Runner game on trex-runner.com using JavaScript, including how to set specific scores, bypass anti-cheat systems, and understand how servers detect manipulations in online leaderboards.

JavaScript Hacking T-Rex Game Browser Exploitation Game Manipulation Anti-Cheat Systems

Hackeando el T-Rex Runner en trex-runner.com: Entendiendo y Evadiendo el Sistema Anti-Trampas

August 21, 2025  

Guía completa para manipular el juego T-Rex Runner en trex-runner.com usando JavaScript, incluyendo cómo establecer puntuaciones específicas, evitar el sistema anti-trampas y entender cómo el servidor detecta manipulaciones en las tablas de clasificación online.

JavaScript Hacking T-Rex Game Browser Exploitation Game Manipulation Anti-Cheat Systems

Back to Top ↑

T-Rex Game

Hacking T-Rex Runner on trex-runner.com: Understanding and Bypassing Anti-Cheat Systems

August 21, 2025  

Complete guide to manipulating the T-Rex Runner game on trex-runner.com using JavaScript, including how to set specific scores, bypass anti-cheat systems, and understand how servers detect manipulations in online leaderboards.

JavaScript Hacking T-Rex Game Browser Exploitation Game Manipulation Anti-Cheat Systems

Hackeando el T-Rex Runner en trex-runner.com: Entendiendo y Evadiendo el Sistema Anti-Trampas

August 21, 2025  

Guía completa para manipular el juego T-Rex Runner en trex-runner.com usando JavaScript, incluyendo cómo establecer puntuaciones específicas, evitar el sistema anti-trampas y entender cómo el servidor detecta manipulaciones en las tablas de clasificación online.

JavaScript Hacking T-Rex Game Browser Exploitation Game Manipulation Anti-Cheat Systems

Back to Top ↑

Browser Exploitation

Hacking T-Rex Runner on trex-runner.com: Understanding and Bypassing Anti-Cheat Systems

August 21, 2025  

Complete guide to manipulating the T-Rex Runner game on trex-runner.com using JavaScript, including how to set specific scores, bypass anti-cheat systems, and understand how servers detect manipulations in online leaderboards.

JavaScript Hacking T-Rex Game Browser Exploitation Game Manipulation Anti-Cheat Systems

Hackeando el T-Rex Runner en trex-runner.com: Entendiendo y Evadiendo el Sistema Anti-Trampas

August 21, 2025  

Guía completa para manipular el juego T-Rex Runner en trex-runner.com usando JavaScript, incluyendo cómo establecer puntuaciones específicas, evitar el sistema anti-trampas y entender cómo el servidor detecta manipulaciones en las tablas de clasificación online.

JavaScript Hacking T-Rex Game Browser Exploitation Game Manipulation Anti-Cheat Systems

Back to Top ↑

Game Manipulation

Hacking T-Rex Runner on trex-runner.com: Understanding and Bypassing Anti-Cheat Systems

August 21, 2025  

Complete guide to manipulating the T-Rex Runner game on trex-runner.com using JavaScript, including how to set specific scores, bypass anti-cheat systems, and understand how servers detect manipulations in online leaderboards.

JavaScript Hacking T-Rex Game Browser Exploitation Game Manipulation Anti-Cheat Systems

Hackeando el T-Rex Runner en trex-runner.com: Entendiendo y Evadiendo el Sistema Anti-Trampas

August 21, 2025  

Guía completa para manipular el juego T-Rex Runner en trex-runner.com usando JavaScript, incluyendo cómo establecer puntuaciones específicas, evitar el sistema anti-trampas y entender cómo el servidor detecta manipulaciones en las tablas de clasificación online.

JavaScript Hacking T-Rex Game Browser Exploitation Game Manipulation Anti-Cheat Systems

Back to Top ↑

Anti-Cheat Systems

Hacking T-Rex Runner on trex-runner.com: Understanding and Bypassing Anti-Cheat Systems

August 21, 2025  

Complete guide to manipulating the T-Rex Runner game on trex-runner.com using JavaScript, including how to set specific scores, bypass anti-cheat systems, and understand how servers detect manipulations in online leaderboards.

JavaScript Hacking T-Rex Game Browser Exploitation Game Manipulation Anti-Cheat Systems

Hackeando el T-Rex Runner en trex-runner.com: Entendiendo y Evadiendo el Sistema Anti-Trampas

August 21, 2025  

Guía completa para manipular el juego T-Rex Runner en trex-runner.com usando JavaScript, incluyendo cómo establecer puntuaciones específicas, evitar el sistema anti-trampas y entender cómo el servidor detecta manipulaciones en las tablas de clasificación online.

JavaScript Hacking T-Rex Game Browser Exploitation Game Manipulation Anti-Cheat Systems

Back to Top ↑

Government

Vulnerabilities in Government Services: XSS and IDOR in Digital Platforms

August 21, 2025  

Analysis of multiple security vulnerabilities found in government digital platforms, including reflected XSS and IDOR exposing private citizen conversations.

XSS IDOR Web Security Government Government Security CVE

Vulnerabilidades en Servicios Gubernamentales: XSS e IDOR en Plataformas Fiscales

August 21, 2025  

Análisis de múltiples vulnerabilidades de seguridad encontradas en plataformas digitales gubernamentales, incluyendo XSS reflejados e IDOR que expone conversaciones privadas de ciudadanos.

XSS IDOR Web Security Government Seguridad Gubernamental CVE

Back to Top ↑

WAF Bypass

Bypass de XSS Filter en Aplicación de Educación: Técnicas con SVG

August 26, 2025  

Análisis de un bypass exitoso de filtro XSS en una aplicación web de educación utilizando elementos SVG con handlers de eventos, demostrando limitaciones en sistemas de filtrado de contenido.

XSS WAF Bypass SVG Injection Web Security Penetration Testing

XSS Filter Bypass in Educational Web Application: SVG-Based Techniques

August 26, 2025  

Analysis of a successful XSS filter bypass in an educational web application using SVG elements with event handlers, demonstrating limitations in content filtering systems.

XSS WAF Bypass SVG Injection Web Security Penetration Testing

Back to Top ↑

SVG Injection

Bypass de XSS Filter en Aplicación de Educación: Técnicas con SVG

August 26, 2025  

Análisis de un bypass exitoso de filtro XSS en una aplicación web de educación utilizando elementos SVG con handlers de eventos, demostrando limitaciones en sistemas de filtrado de contenido.

XSS WAF Bypass SVG Injection Web Security Penetration Testing

XSS Filter Bypass in Educational Web Application: SVG-Based Techniques

August 26, 2025  

Analysis of a successful XSS filter bypass in an educational web application using SVG elements with event handlers, demonstrating limitations in content filtering systems.

XSS WAF Bypass SVG Injection Web Security Penetration Testing

Back to Top ↑

MCP

MCPwn: Herramienta Avanzada de Pruebas de Penetración para Servidores Model Context Protocol

September 08, 2025  

Descubre MCPwn, una herramienta integral de pruebas de seguridad diseñada para auditar servidores Model Context Protocol. Aprende cómo identificar vulnerabilidades, realizar evaluaciones automatizadas y explotar fallas de seguridad comunes en implementaciones MCP.

MCP Pruebas de Seguridad Pentesting Model Context Protocol Evaluación de Vulnerabilidades

MCPwn: Advanced Penetration Testing Tool for Model Context Protocol Servers

September 08, 2025  

Discover MCPwn, a comprehensive security testing tool designed for auditing Model Context Protocol servers. Learn how to identify vulnerabilities, perform automated assessments, and exploit common security flaws in MCP implementations.

MCP Security Testing Penetration Testing Model Context Protocol Vulnerability Assessment

Back to Top ↑

Model Context Protocol

MCPwn: Herramienta Avanzada de Pruebas de Penetración para Servidores Model Context Protocol

September 08, 2025  

Descubre MCPwn, una herramienta integral de pruebas de seguridad diseñada para auditar servidores Model Context Protocol. Aprende cómo identificar vulnerabilidades, realizar evaluaciones automatizadas y explotar fallas de seguridad comunes en implementaciones MCP.

MCP Pruebas de Seguridad Pentesting Model Context Protocol Evaluación de Vulnerabilidades

MCPwn: Advanced Penetration Testing Tool for Model Context Protocol Servers

September 08, 2025  

Discover MCPwn, a comprehensive security testing tool designed for auditing Model Context Protocol servers. Learn how to identify vulnerabilities, perform automated assessments, and exploit common security flaws in MCP implementations.

MCP Security Testing Penetration Testing Model Context Protocol Vulnerability Assessment

Back to Top ↑

Stored XSS

Vulnerabilidad XSS Almacenada en Servicio MCP de Deployment HTML: Análisis Técnico Completo

September 10, 2025  

Análisis técnico detallado de vulnerabilidad XSS almacenada crítica descubierta mediante MCPwn en servicio MCP de deployment. Incluye explotación paso a paso, respuestas del sistema y evaluación de impacto.

XSS Stored XSS HTML Injection Web Security MCP Server MCPwn

Stored XSS Vulnerability in MCP HTML Deployment Service: Technical Analysis

September 10, 2025  

Detailed technical analysis of critical stored XSS vulnerability discovered using MCPwn in MCP deployment service. Includes step-by-step exploitation, system responses, and impact assessment.

XSS Stored XSS HTML Injection Web Security MCP Server MCPwn

Back to Top ↑

HTML Injection

Vulnerabilidad XSS Almacenada en Servicio MCP de Deployment HTML: Análisis Técnico Completo

September 10, 2025  

Análisis técnico detallado de vulnerabilidad XSS almacenada crítica descubierta mediante MCPwn en servicio MCP de deployment. Incluye explotación paso a paso, respuestas del sistema y evaluación de impacto.

XSS Stored XSS HTML Injection Web Security MCP Server MCPwn

Stored XSS Vulnerability in MCP HTML Deployment Service: Technical Analysis

September 10, 2025  

Detailed technical analysis of critical stored XSS vulnerability discovered using MCPwn in MCP deployment service. Includes step-by-step exploitation, system responses, and impact assessment.

XSS Stored XSS HTML Injection Web Security MCP Server MCPwn

Back to Top ↑

MCP Server

Vulnerabilidad XSS Almacenada en Servicio MCP de Deployment HTML: Análisis Técnico Completo

September 10, 2025  

Análisis técnico detallado de vulnerabilidad XSS almacenada crítica descubierta mediante MCPwn en servicio MCP de deployment. Incluye explotación paso a paso, respuestas del sistema y evaluación de impacto.

XSS Stored XSS HTML Injection Web Security MCP Server MCPwn

Stored XSS Vulnerability in MCP HTML Deployment Service: Technical Analysis

September 10, 2025  

Detailed technical analysis of critical stored XSS vulnerability discovered using MCPwn in MCP deployment service. Includes step-by-step exploitation, system responses, and impact assessment.

XSS Stored XSS HTML Injection Web Security MCP Server MCPwn

Back to Top ↑

MCPwn

Vulnerabilidad XSS Almacenada en Servicio MCP de Deployment HTML: Análisis Técnico Completo

September 10, 2025  

Análisis técnico detallado de vulnerabilidad XSS almacenada crítica descubierta mediante MCPwn en servicio MCP de deployment. Incluye explotación paso a paso, respuestas del sistema y evaluación de impacto.

XSS Stored XSS HTML Injection Web Security MCP Server MCPwn

Stored XSS Vulnerability in MCP HTML Deployment Service: Technical Analysis

September 10, 2025  

Detailed technical analysis of critical stored XSS vulnerability discovered using MCPwn in MCP deployment service. Includes step-by-step exploitation, system responses, and impact assessment.

XSS Stored XSS HTML Injection Web Security MCP Server MCPwn

Back to Top ↑

certificates

eWPT - Review

January 12, 2023  

Esto es una review de la certificación de Elearn Security, donde os cuento mi experiencia.

ctf certificates

Back to Top ↑

WriteUp

DarkHole:2 - WriteUp

January 24, 2023  

WriteUp de la máquina DarkHole:2 de Vulnhub.

ctf WriteUp SQLI Data Exfiltration

Back to Top ↑

Data Exfiltration

DarkHole:2 - WriteUp

January 24, 2023  

WriteUp de la máquina DarkHole:2 de Vulnhub.

ctf WriteUp SQLI Data Exfiltration

Back to Top ↑

AD

Active HTB - WriteUp

February 18, 2023  

WriteUp de la máquina Active de HTB.

ctf Windows Writeup AD SMB

Back to Top ↑

SMB

Active HTB - WriteUp

February 18, 2023  

WriteUp de la máquina Active de HTB.

ctf Windows Writeup AD SMB

Back to Top ↑

Virtual_Hosting

Europa HTB - WriteUp

February 19, 2023  

WriteUp de la máquina Europa de HTB.

ctf Linux Writeup Virtual_Hosting SQLI Pre_Replace Crontab

Back to Top ↑

Pre_Replace

Europa HTB - WriteUp

February 19, 2023  

WriteUp de la máquina Europa de HTB.

ctf Linux Writeup Virtual_Hosting SQLI Pre_Replace Crontab

Back to Top ↑

PIVOTING

Oz HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Oz de HTB.

ctf Linux Writeup Docker SSTI PIVOTING SQLI

Back to Top ↑

Scripting

Validation HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Validation de HTB.

ctf Linux Writeup SQLI Scripting PasswordLeaked

Back to Top ↑

PasswordLeaked

Validation HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Validation de HTB.

ctf Linux Writeup SQLI Scripting PasswordLeaked

Back to Top ↑

Account Operators

Forest HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Forest de HTB.

ctf Windows Writeup RPC-Enum Null-Session ASREPRoast Account Operators WriteDacl

Back to Top ↑

WriteDacl

Forest HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Forest de HTB.

ctf Windows Writeup RPC-Enum Null-Session ASREPRoast Account Operators WriteDacl

Back to Top ↑

git-leak

Frank & Herby THM - WriteUp

February 22, 2023  

WriteUp de la máquina Frank & Herby de THM.

ctf BadPod Writeup git-leak MicroK8s Kubernetes

Back to Top ↑

MicroK8s

Frank & Herby THM - WriteUp

February 22, 2023  

WriteUp de la máquina Frank & Herby de THM.

ctf BadPod Writeup git-leak MicroK8s Kubernetes

Back to Top ↑

Web_Enumeration

Mantis HTB - WriteUp

February 22, 2023  

WriteUp de la máquina Mantis de HTB.

ctf Windows Writeup Web_Enumeration MSSQL Kerberos

Back to Top ↑

NTLMv2

Querier HTB - WriteUp

February 23, 2023  

WriteUp de la máquina Querier de HTB.

ctf Windows Writeup MSSQL NTLMv2 xp_cmdshell Cached GPP Files

Back to Top ↑

xp_cmdshell

Querier HTB - WriteUp

February 23, 2023  

WriteUp de la máquina Querier de HTB.

ctf Windows Writeup MSSQL NTLMv2 xp_cmdshell Cached GPP Files

Back to Top ↑

Cached GPP Files

Querier HTB - WriteUp

February 23, 2023  

WriteUp de la máquina Querier de HTB.

ctf Windows Writeup MSSQL NTLMv2 xp_cmdshell Cached GPP Files

Back to Top ↑

Azure

Monteverde HTB - WriteUp

February 26, 2023  

WriteUp de la máquina Monteverde de HTB.

ctf Windows Writeup RPC-Enum Null-Session BruteForce Azure Group-Abuse

Back to Top ↑

Group-Abuse

Monteverde HTB - WriteUp

February 26, 2023  

WriteUp de la máquina Monteverde de HTB.

ctf Windows Writeup RPC-Enum Null-Session BruteForce Azure Group-Abuse

Back to Top ↑

AI

AI HTB - WriteUp

February 27, 2023  

WriteUp de la máquina AI de HTB.

ctf Linux Writeup AI SQLI JDWP

Back to Top ↑

JDWP

AI HTB - WriteUp

February 27, 2023  

WriteUp de la máquina AI de HTB.

ctf Linux Writeup AI SQLI JDWP

Back to Top ↑

PoC

LocalPotato-CVE-2023-21746

February 27, 2023  

Explotando el PoC de LocalPotato-CVE-2023-21746.

PoC Windows CVE DLL Potato

Back to Top ↑

DLL

LocalPotato-CVE-2023-21746

February 27, 2023  

Explotando el PoC de LocalPotato-CVE-2023-21746.

PoC Windows CVE DLL Potato

Back to Top ↑

Potato

LocalPotato-CVE-2023-21746

February 27, 2023  

Explotando el PoC de LocalPotato-CVE-2023-21746.

PoC Windows CVE DLL Potato

Back to Top ↑

Username-Enumeration

Bart HTB - WriteUp

February 28, 2023  

WriteUp de la máquina Bart de HTB.

ctf Windows Writeup Web Username-Enumeration BruteForce LogPoison SeImpersonatePrivilege

Back to Top ↑

LogPoison

Bart HTB - WriteUp

February 28, 2023  

WriteUp de la máquina Bart de HTB.

ctf Windows Writeup Web Username-Enumeration BruteForce LogPoison SeImpersonatePrivilege

Back to Top ↑

SeImpersonatePrivilege

Bart HTB - WriteUp

February 28, 2023  

WriteUp de la máquina Bart de HTB.

ctf Windows Writeup Web Username-Enumeration BruteForce LogPoison SeImpersonatePrivilege

Back to Top ↑

Sudo-Abuse

Knife HTB - WriteUp

February 28, 2023  

WriteUp de la máquina Knife de HTB.

ctf Linux Writeup Web CVE Sudo-Abuse

Back to Top ↑

Grafana

Ambassador HTB - WriteUp

March 01, 2023  

WriteUp de la máquina Ambassador de HTB.

ctf Linux Writeup Grafana Direcctory-Traversal Consul-Exploit MySQL SQLITE3

Back to Top ↑

Direcctory-Traversal

Ambassador HTB - WriteUp

March 01, 2023  

WriteUp de la máquina Ambassador de HTB.

ctf Linux Writeup Grafana Direcctory-Traversal Consul-Exploit MySQL SQLITE3

Back to Top ↑

Consul-Exploit

Ambassador HTB - WriteUp

March 01, 2023  

WriteUp de la máquina Ambassador de HTB.

ctf Linux Writeup Grafana Direcctory-Traversal Consul-Exploit MySQL SQLITE3

Back to Top ↑

MySQL

Ambassador HTB - WriteUp

March 01, 2023  

WriteUp de la máquina Ambassador de HTB.

ctf Linux Writeup Grafana Direcctory-Traversal Consul-Exploit MySQL SQLITE3

Back to Top ↑

SQLITE3

Ambassador HTB - WriteUp

March 01, 2023  

WriteUp de la máquina Ambassador de HTB.

ctf Linux Writeup Grafana Direcctory-Traversal Consul-Exploit MySQL SQLITE3

Back to Top ↑

ForceChangePassword

Blackfield HTB - WriteUp

March 01, 2023  

WriteUp de la máquina Blackfield de HTB.

ctf Windows Writeup SMB-Enumeration ASREPRoast ForceChangePassword LSASS-DUMP Backup-Operators

Back to Top ↑

LSASS-DUMP

Blackfield HTB - WriteUp

March 01, 2023  

WriteUp de la máquina Blackfield de HTB.

ctf Windows Writeup SMB-Enumeration ASREPRoast ForceChangePassword LSASS-DUMP Backup-Operators

Back to Top ↑

Backup-Operators

Blackfield HTB - WriteUp

March 01, 2023  

WriteUp de la máquina Blackfield de HTB.

ctf Windows Writeup SMB-Enumeration ASREPRoast ForceChangePassword LSASS-DUMP Backup-Operators

Back to Top ↑

TFPT

Joker HTB - WriteUp

March 02, 2023  

WriteUp de la máquina Joker de HTB.

ctf Linux Writeup SQUID TFPT Web-Enumeration Suedoedit Tar

Back to Top ↑

Suedoedit

Joker HTB - WriteUp

March 02, 2023  

WriteUp de la máquina Joker de HTB.

ctf Linux Writeup SQUID TFPT Web-Enumeration Suedoedit Tar

Back to Top ↑

Tar

Joker HTB - WriteUp

March 02, 2023  

WriteUp de la máquina Joker de HTB.

ctf Linux Writeup SQUID TFPT Web-Enumeration Suedoedit Tar

Back to Top ↑

BGP-Hijack

Carrier HTB - WriteUp

March 03, 2023  

WriteUp de la máquina Carrier de HTB.

ctf Linux Writeup Web-Enumeration RCE BGP-Hijack

Back to Top ↑

NFS

Squashed HTB - WriteUp

March 03, 2023  

WriteUp de la máquina Squashed de HTB.

ctf Linux Writeup NFS Web-Shell Magic-Cookies X11

Back to Top ↑

Web-Shell

Squashed HTB - WriteUp

March 03, 2023  

WriteUp de la máquina Squashed de HTB.

ctf Linux Writeup NFS Web-Shell Magic-Cookies X11

Back to Top ↑

Magic-Cookies

Squashed HTB - WriteUp

March 03, 2023  

WriteUp de la máquina Squashed de HTB.

ctf Linux Writeup NFS Web-Shell Magic-Cookies X11

Back to Top ↑

X11

Squashed HTB - WriteUp

March 03, 2023  

WriteUp de la máquina Squashed de HTB.

ctf Linux Writeup NFS Web-Shell Magic-Cookies X11

Back to Top ↑

NoSQLI

Mango HTB - WriteUp

March 04, 2023  

WriteUp de la máquina Mango de HTB.

ctf Linux Writeup Web-Enumeration NoSQLI Password-Reuse SUID

Back to Top ↑

Password-Reuse

Mango HTB - WriteUp

March 04, 2023  

WriteUp de la máquina Mango de HTB.

ctf Linux Writeup Web-Enumeration NoSQLI Password-Reuse SUID

Back to Top ↑

GIT

Secret HTB - WriteUp

March 05, 2023  

WriteUp de la máquina Secret de HTB.

ctf Linux Writeup Web-Enumeration API JWT GIT RCE SUID

Back to Top ↑

Open-Redirect

WebHackingPlayground - WriteUp

March 06, 2023  

WriteUp de WebHackingPlayground creado por Takito.

ctf Web Writeup JWT XSS Open-Redirect OTP SSTI SMTP

Back to Top ↑

OTP

WebHackingPlayground - WriteUp

March 06, 2023  

WriteUp de WebHackingPlayground creado por Takito.

ctf Web Writeup JWT XSS Open-Redirect OTP SSTI SMTP

Back to Top ↑

SMTP

WebHackingPlayground - WriteUp

March 06, 2023  

WriteUp de WebHackingPlayground creado por Takito.

ctf Web Writeup JWT XSS Open-Redirect OTP SSTI SMTP

Back to Top ↑

PCAP

Cap HTB - WriteUp

March 07, 2023  

WriteUp de la máquina Cap de HTB.

ctf Linux Writeup Web-Enumeration PCAP Capabilities

Back to Top ↑

Deserialization-Attack

Celestial HTB - WriteUp

March 08, 2023  

WriteUp de la máquina Celestial de HTB.

ctf Linux Writeup Web-Enumeration Deserialization-Attack Crontab

Back to Top ↑

Read-Logs

Backend HTB - WriteUp

March 09, 2023  

WriteUp de la máquina Backend de HTB.

ctf Linux Writeup Web-Enumeration Web-Fuzzing API Read-Logs

Back to Top ↑

SCF-File

Sizzle HTB - WriteUp

March 12, 2023  

WriteUp de la máquina Sizzle de HTB.

ctf Windows Writeup SMB-Enumeration SCF-File Web-Enumeration CA-Certificate Kerberoasting DCSync

Back to Top ↑

CA-Certificate

Sizzle HTB - WriteUp

March 12, 2023  

WriteUp de la máquina Sizzle de HTB.

ctf Windows Writeup SMB-Enumeration SCF-File Web-Enumeration CA-Certificate Kerberoasting DCSync

Back to Top ↑

Kerberoasting

Sizzle HTB - WriteUp

March 12, 2023  

WriteUp de la máquina Sizzle de HTB.

ctf Windows Writeup SMB-Enumeration SCF-File Web-Enumeration CA-Certificate Kerberoasting DCSync

Back to Top ↑

DCSync

Sizzle HTB - WriteUp

March 12, 2023  

WriteUp de la máquina Sizzle de HTB.

ctf Windows Writeup SMB-Enumeration SCF-File Web-Enumeration CA-Certificate Kerberoasting DCSync

Back to Top ↑

AppArmor

Nunchucks HTB - WriteUp

March 13, 2023  

WriteUp de la máquina Nunchucks de HTB.

ctf Linux Writeup Web-Enumeration SSTI Capabilities AppArmor

Back to Top ↑

CouchDB

Canape HTB - WriteUp

March 14, 2023  

WriteUp de la máquina Canape de HTB.

ctf Linux Writeup Web Git Deserialization CouchDB

Back to Top ↑

NoSQL

NodeBlog HTB - WriteUp

March 15, 2023  

WriteUp de la máquina NodeBlog de HTB.

ctf Linux Writeup Web NoSQL XXE Deserialization Data-Exposure Mongo

Back to Top ↑

Data-Exposure

NodeBlog HTB - WriteUp

March 15, 2023  

WriteUp de la máquina NodeBlog de HTB.

ctf Linux Writeup Web NoSQL XXE Deserialization Data-Exposure Mongo

Back to Top ↑

Mongo

NodeBlog HTB - WriteUp

March 15, 2023  

WriteUp de la máquina NodeBlog de HTB.

ctf Linux Writeup Web NoSQL XXE Deserialization Data-Exposure Mongo

Back to Top ↑

WebShell

TheNoteBook HTB - WriteUp

March 16, 2023  

WriteUp de la máquina TheNoteBook de HTB.

ctf Linux Writeup Web JWT WebShell Docker

Back to Top ↑

Moodle

Teacher HTB - WriteUp

March 17, 2023  

WriteUp de la máquina Teacher de HTB.

ctf Linux Writeup Web-Enum Moodle Python-Script CVE

Back to Top ↑

Python-Script

Teacher HTB - WriteUp

March 17, 2023  

WriteUp de la máquina Teacher de HTB.

ctf Linux Writeup Web-Enum Moodle Python-Script CVE

Back to Top ↑

Privesc

GoodGames HTB - WriteUp

March 26, 2023  

WriteUp de la máquina GoodGames de HTB.

ctf Linux Writeup Web-Enum SQLI SSTI Docker Privesc

Back to Top ↑

Jenkins

Builder HTB - WriteUp

April 23, 2024  

WriteUp de la máquina Builder de HTB.

ctf Linux Jenkins CVE Web

Back to Top ↑

Web Pentesting

Analysis of a Vulnerability in H6Web, Hacking Holy Week - My First CVEs

February 13, 2025  

Discovery and analysis of two critical vulnerabilities (IDOR and XSS) in H6Web, resulting in my first assigned CVEs.

Web Pentesting IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Back to Top ↑

Seguridad Gubernamental

Vulnerabilidades en Servicios Gubernamentales: XSS e IDOR en Plataformas Fiscales

August 21, 2025  

Análisis de múltiples vulnerabilidades de seguridad encontradas en plataformas digitales gubernamentales, incluyendo XSS reflejados e IDOR que expone conversaciones privadas de ciudadanos.

XSS IDOR Web Security Government Seguridad Gubernamental CVE

Back to Top ↑

Government Security

Vulnerabilities in Government Services: XSS and IDOR in Digital Platforms

August 21, 2025  

Analysis of multiple security vulnerabilities found in government digital platforms, including reflected XSS and IDOR exposing private citizen conversations.

XSS IDOR Web Security Government Government Security CVE

Back to Top ↑

Security Testing

MCPwn: Advanced Penetration Testing Tool for Model Context Protocol Servers

September 08, 2025  

Discover MCPwn, a comprehensive security testing tool designed for auditing Model Context Protocol servers. Learn how to identify vulnerabilities, perform automated assessments, and exploit common security flaws in MCP implementations.

MCP Security Testing Penetration Testing Model Context Protocol Vulnerability Assessment

Back to Top ↑

Vulnerability Assessment

MCPwn: Advanced Penetration Testing Tool for Model Context Protocol Servers

September 08, 2025  

Discover MCPwn, a comprehensive security testing tool designed for auditing Model Context Protocol servers. Learn how to identify vulnerabilities, perform automated assessments, and exploit common security flaws in MCP implementations.

MCP Security Testing Penetration Testing Model Context Protocol Vulnerability Assessment

Back to Top ↑

Pruebas de Seguridad

MCPwn: Herramienta Avanzada de Pruebas de Penetración para Servidores Model Context Protocol

September 08, 2025  

Descubre MCPwn, una herramienta integral de pruebas de seguridad diseñada para auditar servidores Model Context Protocol. Aprende cómo identificar vulnerabilidades, realizar evaluaciones automatizadas y explotar fallas de seguridad comunes en implementaciones MCP.

MCP Pruebas de Seguridad Pentesting Model Context Protocol Evaluación de Vulnerabilidades

Back to Top ↑

Pentesting

MCPwn: Herramienta Avanzada de Pruebas de Penetración para Servidores Model Context Protocol

September 08, 2025  

Descubre MCPwn, una herramienta integral de pruebas de seguridad diseñada para auditar servidores Model Context Protocol. Aprende cómo identificar vulnerabilidades, realizar evaluaciones automatizadas y explotar fallas de seguridad comunes en implementaciones MCP.

MCP Pruebas de Seguridad Pentesting Model Context Protocol Evaluación de Vulnerabilidades

Back to Top ↑

Evaluación de Vulnerabilidades

MCPwn: Herramienta Avanzada de Pruebas de Penetración para Servidores Model Context Protocol

September 08, 2025  

Descubre MCPwn, una herramienta integral de pruebas de seguridad diseñada para auditar servidores Model Context Protocol. Aprende cómo identificar vulnerabilidades, realizar evaluaciones automatizadas y explotar fallas de seguridad comunes en implementaciones MCP.

MCP Pruebas de Seguridad Pentesting Model Context Protocol Evaluación de Vulnerabilidades

Back to Top ↑