Reverse-Shell

An easy HTB box with enough Joomla, virtual hosts, and reverse shell magic to get you sweating (literally). This walkthrough dives into the quirks of Joomla, web fuzzing, API poking, and template-based RCE. Bring water.

A hands-on deep dive into exploiting file inclusion vulnerabilities — from simple LFI to full RCE using session poisoning, log injection, and PHP wrappers.

From basic payloads to protected and self-destructing shells — a hands-on journey upgrading your webshells for stealth, power, and style.

Understand what shells really are, how they evolved, why they matter, and how different types like reverse shells and webshells work.

After exploring XSS in Part 1, we now dive into server-side command injection, shell behavior, piping, and classic reverse shell tactics.