Rce

In this university exam practice VM, I explored file upload handling, discovered a separate file inclusion point, and chained it with an uploaded webshell to gain remote command execution.

An easy HTB box with enough Joomla, virtual hosts, and reverse shell magic to get you sweating (literally). This walkthrough dives into the quirks of Joomla, web fuzzing, API poking, and template-based RCE. Bring water.

A hands-on deep dive into exploiting file inclusion vulnerabilities — from simple LFI to full RCE using session poisoning, log injection, and PHP wrappers.