Skip to main content

SecNotes

$ tldr XSS + CSRF + SQLi → IIS webshell → WSL Linux subsystem

Writeups

Skill resources

Curated documentation for each technique listed in the Skills column above. Sources: HackTricks, GTFOBins, PortSwigger, etc. Remote Code Execution (RCE) · WebDAV · Server-Side Request Forgery

If you liked this machine, try


Comments & tips

Did the official writeup not work? Found a smarter trick? Share it here — comments live in GitHub Discussions.
Last updated: 2026-07-13