How I Passed HTB CWES
My road to the Hack The Box Certified Web Exploitation Specialist (CWES): a year in the CBBH path, a focused month of revision, and a 4-day, 9-flag exam.
Tag
3 items tagged “web”.
Writeups
An HTB web challenge: the app shipped its JWT signing key in the client-side bundle, so reading it from DevTools let me forge an admin token, hit a privileged endpoint and grab the flag.
Bypassing a file upload filter on Apache by abusing .htaccess to execute a PHP webshell disguised as a JPEG, achieving full RCE and reading the flag.
Blog
My road to the Hack The Box Certified Web Exploitation Specialist (CWES): a year in the CBBH path, a focused month of revision, and a 4-day, 9-flag exam.