<feed xmlns="http://www.w3.org/2005/Atom">
  <id>https://0xtonyr.github.io/</id>
  <title>0xtonyr</title>
  <subtitle>Cybersecurity write-ups and notes by 0xtonyr.</subtitle>
  <updated>2026-06-01T01:53:10-03:00</updated>
  <author>
    <name>Antonio Vitor</name>
    <uri>https://0xtonyr.github.io/</uri>
  </author>
  <link rel="self" type="application/atom+xml" href="https://0xtonyr.github.io/feed.xml"/>
  <link rel="alternate" type="text/html" hreflang="en" href="https://0xtonyr.github.io/"/>
  <generator uri="https://jekyllrb.com/" version="4.4.1">Jekyll</generator>
  <rights>© 2026 Antonio Vitor</rights>
  <icon>/assets/img/favicons/favicon.ico</icon>
  <logo>/assets/img/favicons/favicon-96x96.png</logo>
  <entry>
    <title>XSS Lab #9 - Reflected XSS into a JavaScript String with Angle Brackets HTML Encoded</title>
    <link href="https://0xtonyr.github.io/posts/xss-lab-9-portswigger/" rel="alternate" type="text/html" title="XSS Lab #9 - Reflected XSS into a JavaScript String with Angle Brackets HTML Encoded"/>
    <published>2026-05-18T00:00:00-03:00</published>
    <updated>2026-05-31T22:26:23-03:00</updated>
    <id>https://0xtonyr.github.io/posts/xss-lab-9-portswigger/</id>
    <content src="https://0xtonyr.github.io/posts/xss-lab-9-portswigger/"/>
    <author>
      <name>Antonio Vitor</name>
    </author>
    <category term="Web Security Academy"/>
    <category term="XSS"/>
    <summary>Lab Description Lab: Reflected XSS into a JavaScript string with angle brackets HTML encoded This lab contains a reflected cross-site scripting vulnerability in the search query tracking functionality where angle brackets are encoded. The reflection occurs inside a JavaScript string. To solve this lab, perform a cross-site scripting attack that breaks out of the JavaScript string and calls th...</summary>
  </entry>
  <entry>
    <title>XSS Lab #10 - DOM XSS in document.write Sink Using source location.search Inside a Select Element</title>
    <link href="https://0xtonyr.github.io/posts/xss-lab-10-portswigger/" rel="alternate" type="text/html" title="XSS Lab #10 - DOM XSS in document.write Sink Using source location.search Inside a Select Element"/>
    <published>2026-05-18T00:00:00-03:00</published>
    <updated>2026-05-31T22:26:23-03:00</updated>
    <id>https://0xtonyr.github.io/posts/xss-lab-10-portswigger/</id>
    <content src="https://0xtonyr.github.io/posts/xss-lab-10-portswigger/"/>
    <author>
      <name>Antonio Vitor</name>
    </author>
    <category term="Web Security Academy"/>
    <category term="XSS"/>
    <summary>Lab Description Lab: DOM XSS in document.write sink using source location.search inside a select element This lab contains a DOM-based cross-site scripting vulnerability in the stock checker functionality. It uses the JavaScript document.write function, which writes data out to the page. The document.write function is called with data from location.search which you can control using the websi...</summary>
  </entry>
  <entry>
    <title>Flag Command - HTB CTF Write-up</title>
    <link href="https://0xtonyr.github.io/posts/flag-command-ctf/" rel="alternate" type="text/html" title="Flag Command - HTB CTF Write-up"/>
    <published>2026-04-22T00:00:00-03:00</published>
    <updated>2026-05-31T22:26:23-03:00</updated>
    <id>https://0xtonyr.github.io/posts/flag-command-ctf/</id>
    <content src="https://0xtonyr.github.io/posts/flag-command-ctf/"/>
    <author>
      <name>Antonio Vitor</name>
    </author>
    <category term="CTF"/>
    <category term="Web Security"/>
    <summary>Challenge Overview Category: Web Security / API Exploitation Target: http://154.57.164.76:31023/ A whimsical, interactive text-based game where you wake up in a mysterious alien forest. Navigate singing squirrels, mischievous nymphs, and grumpy wizards in a labyrinth to find the flag. The key to solving this challenge was discovering a secret command hidden in the API responses. Methodolog...</summary>
  </entry>
  <entry>
    <title>Bucket - HTB</title>
    <link href="https://0xtonyr.github.io/posts/bucket-htb/" rel="alternate" type="text/html" title="Bucket - HTB"/>
    <published>2026-02-21T14:48:00-03:00</published>
    <updated>2026-05-31T22:58:52-03:00</updated>
    <id>https://0xtonyr.github.io/posts/bucket-htb/</id>
    <content src="https://0xtonyr.github.io/posts/bucket-htb/"/>
    <author>
      <name>Antonio Vitor</name>
    </author>
    <category term="HackTheBox"/>
    <category term="Medium"/>
    <summary>About Bucket “A port scan conducted with nmap reveals port 80 running an Apache server, with stored files pointing to an open S3 bucket. It’s possible to upload a PHP shell to the bucket to establish a reverse connection. After some local enumeration, we identify a user on the system, along with their password exposed in a DynamoDB database configuration file. Last but not least, an internal a...</summary>
  </entry>
  <entry>
    <title>SteamCloud - HTB</title>
    <link href="https://0xtonyr.github.io/posts/steamcloud-htb/" rel="alternate" type="text/html" title="SteamCloud - HTB"/>
    <published>2026-01-11T14:36:00-03:00</published>
    <updated>2026-05-31T22:58:52-03:00</updated>
    <id>https://0xtonyr.github.io/posts/steamcloud-htb/</id>
    <content src="https://0xtonyr.github.io/posts/steamcloud-htb/"/>
    <author>
      <name>Antonio Vitor</name>
    </author>
    <category term="HackTheBox"/>
    <category term="Easy"/>
    <summary>About SteamCloud A port scan conducted with nmap reveals specific Kubernetes and Kubelet ports running on the target. It is not possible to enumerate the Kubernetes API because it requires authentication. However, it is possible to enumerate the Kubelet service on port 10250 and discover the pods running in the Kubernetes cluster. The nginx pod allows code execution, and within it, the access ...</summary>
  </entry>
</feed>
