πŸ€πŸ€πŸ€πŸ€πŸ€ 0 pts earned

The XSS Rat

Premium Machine (Locked)

The XSS Rat's personal research platform: a PHP blog engine with a dangerous API and a secrets-laden internal service. Chain stored XSS through to SSRF, extract admin credentials from an internal endpoint, and abuse a sudo GTFOBin to root. Nothing about this box is accidental — every quirk is a clue.

