technique://Directory Busting
- IgnitionLinux Tier 1 Apr 28, 2026
Virtual host discovery finds the Magento admin panel on a non-default hostname; qwerty123 completes the chain — two recon steps, one flag.
also uses: Magento CVE - CrocodileLinux Tier 1 Apr 28, 2026
Anonymous FTP drops a credentials file; those credentials unlock an HTTP admin panel — two individually boring findings combine into a full chain.
also uses: FTP Brute-force - AppointmentLinux Tier 1 Apr 28, 2026
SQL injection in a login form — `' OR '1'='1` as username turns authentication into a formality and exposes the flag in one request.
also uses: SQL Injection - ThreeLinux Tier 1 Apr 27, 2026
S3 subdomain discovery exposes a LocalStack bucket; a PHP webshell uploaded via the AWS CLI achieves RCE as www-data without any CVE.
also uses: Webshell RFI - PreignitionLinux Tier 0 Apr 27, 2026
Directory fuzzing surfaces a hidden admin.php that default credentials unlock; demonstrates why wordlist-based discovery precedes credential guessing.