The “WidgetCorp” challenge for the 2013 CSAW CTF was a really neat web exploitation problem. It was a challenge where I was super excited to work through the whole thing (not always the case for sure!) It’s a light blue because I solved it but you get the gist. No information/comments are provided about what… Read More


So recently I was attempting to hack a friend’s server (with permission!) via a local file inclusion vulnerability and I discovered that nobody had any tutorials on hacking XAMPP servers via LFI. Basically it’s pretty straightforward if they have FileZilla FTP Server enabled and working! In fact it should be trivial to exploit this in… Read More