Root-Me/Bash - quoted expression injection·30ptsBash - quoted expression injection — Root-MeScripting challenge Bash - quoted expression injection: cron interactions, path hijacking, and turning a minor misconfiguration into a stable foothold..Mischard#root-me#app-script#miscMay 26, 2026
Root-Me/Python - pickle·25ptsPython - pickle — Root-MeScripting challenge Python - pickle: cron interactions, path hijacking, and turning a minor misconfiguration into a stable foothold..Miscmedium#root-me#app-script#miscMay 26, 2026
Root-Me/R: Code Execution·20ptsR: Code Execution — Root-MeShell automation and interpreter quirks on R: Code Execution.Miscmedium#root-me#app-script#miscMay 26, 2026
Root-Me/Python - input()·20ptsPython - input() — Root-MeScripting challenge Python - input(): cron interactions, path hijacking, and turning a minor misconfiguration into a stable foothold..Miscmedium#root-me#app-script#miscMay 26, 2026
Root-Me/Bash - cron·20ptsBash - cron — Root-MeNotes for Bash - cron cover parsing edge cases, environment leakage, and privilege changes through a helper binary invoked by a scheduled task..Miscmedium#root-me#app-script#miscMay 26, 2026
Root-Me/Perl - Command injection·15ptsPerl - Command injection — Root-MeScripting challenge Perl - Command injection: cron interactions, path hijacking, and turning a minor misconfiguration into a stable foothold..Misceasy#root-me#app-script#easyMay 26, 2026
Root-Me/Docker - I am groot·15ptsDocker - I am groot — Root-MeShell automation and interpreter quirks on Docker - I am groot.Misceasy#root-me#app-script#easyMay 26, 2026
Root-Me/LaTeX - Input·10ptsLaTeX - Input — Root-MeShell automation and interpreter quirks on LaTeX - Input.Misceasy#root-me#app-script#easyMay 26, 2026
Root-Me/Powershell - Command Injection·10ptsPowershell - Command Injection — Root-MeNotes for Powershell - Command Injection cover parsing edge cases, environment leakage, and privilege changes through a helper binary invoked by a scheduled task..Misceasy#root-me#app-script#easyMay 26, 2026
Root-Me/sudo - weak configuration·5ptssudo - weak configuration — Root-MeShell automation and interpreter quirks on sudo - weak configuration.Misceasy#root-me#app-script#easyMay 26, 2026
Root-Me/Bash - System 1·5ptsBash - System 1 — Root-MeNotes for Bash - System 1 cover parsing edge cases, environment leakage, and privilege changes through a helper binary invoked by a scheduled task..Misceasy#root-me#app-script#easyMay 26, 2026
Hacker101/Micro-CMS v1Hacker101 Micro-CMS v1 — full clearWalkthrough of all four flags: IDOR, stored XSS, broken access control on edit, and a hidden admin panel.WebeasyGitHub#web#idor#xssMay 16, 2026
Google CTF 2024/sandbox-cookie·178ptsGoogle CTF 2024 — sandbox-cookieBypass the cookie sandbox via prototype pollution chained with a templated response.WebmediumGitHub#web#prototype-pollutionMay 16, 2026
pwn.college/Program Misusepwn.college — Program Misuse video walkthroughWorking through the dojo's SUID-binary misuse warm-ups one tool at a time.PwneasyYouTube#linux#pwn#suidMay 16, 2026
OWASP Juice Shop/Find the Score BoardJuice Shop — Score Board discovery walkthroughFind the hidden score board via client-side route discovery in the bundled Angular app.WebeasyBlog#web#juice-shop#client-sideMay 16, 2026
PortSwigger Web Security Academy/SQL injection in WHERE clausePortSwigger — SQLi in WHERE clause (filter products)Bypass the category filter with a UNION-based SELECT against a known column count.Webeasy#web#sqli#unionMay 16, 2026
VulnHub/Mr-Robot: 1Mr-Robot:1 — full chain (WordPress → fsociety)Dir busting reveals a WordPress install. Brute the login, drop a reverse shell via theme editor, then chase the three keys to root.WebmediumBlog#linux#boot2root#wordpressMay 16, 2026
Damn Vulnerable Web Application (DVWA)/Brute Force (Low)DVWA — Brute Force (Low)Hydra against the basic login form. No CSRF, no lockout, no rate limit — textbook target.Webeasy#web#beginner#dvwaMay 16, 2026
CryptoHack/RSA Starter 1·10ptsRSA Starter 1 — CryptoHackCompute 101^17 mod 22663 — the foundational primitive that powers every later RSA challenge.Cryptoeasy#crypto#rsa#modular-exponentiationMay 16, 2026
OverTheWire/Bandit Level 0 → 1OverTheWire Bandit Level 0 → 1SSH in as bandit0, read the password from a plain text file.Misceasy#beginner#linux#sshMay 16, 2026