webhard

After Image

srdnlen

Task: read a flag from an internal MJPEG camera stream not accessible from outside, using a Playwright Firefox bot with 75s timeout. Solution: PHP session file injection for XSS, then DNS rebinding via rbndr.us with iptables TCP RST blocking to force DNS re-resolution after 60s Firefox cache expiry, exfiltrate MJPEG frame via shared session.

$ ls tags/ techniques/
dns_rebindingxssphp_sessionsession_fixationiptablesmjpegfirefoxplaywrightrbndr
dns_rebinding_via_tcp_rstphp_session_file_injectionsession_fixation_via_urliptables_tcp_rst_blockingdns_cache_eviction_floodingmjpeg_stream_exfiltration
🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]