← all labs
Intermediate
WEB+SSH
★★☆☆☆

Path Traversal

Traverse directories to read sensitive files

/start lfi
48
Total Solves
15m 37s
Avg Solve Time
1
First Blood Claimed
11s
Record Time

// FIRST BLOOD

ravistar 🩸
cracked in 15m 44s

// TOP 10 FASTEST

#1 khan 11s
#2 User 0755 47s
#3 simboa 1m 21s
#4 Kael 1m 27s
#5 NYO 2m 22s
#6 MID 2m 31s
#7 harpy 2m 55s
#8 † 𝓣𝓘𝓜 3m 16s
#9 F03ever 3m 24s
#10 privalman 4m 6s

// RELATED · Intermediate TIER

Command Injection
WEB+SSH Chain OS commands through a web interface
★★☆☆☆
Database Bypass
WEB+SSH Bypass authentication with SQL injection
★★☆☆☆
Malicious Upload
WEB+SSH Upload a web shell past file filters
★★☆☆☆
XML Attack
WEB Read server files through XML entity injection
★★☆☆☆
Script Kiddie
WEB+SSH Inject JavaScript to steal credentials
★★☆☆☆
Vault Cracker
WEB+SSH Decode layered encoding to crack a vault
★★☆☆☆

Spawn this box.
Capture the flag.

Join the Discord and type /start lfi to spin up your own container.

join discord → sign in with discord