> ## Documentation Index
> Fetch the complete documentation index at: https://rootea.es/llms.txt
> Use this file to discover all available pages before exploring further.

# Skills catalog

> Full index of indexed skills. Each entry leads to a page with machines that practice the technique + curated resources + related skills.

# Skills catalog

Full index of indexed skills. Each entry leads to a page with machines that practice the technique + curated resources + related skills.

| Skill                                                                     | HTB · Machines | PortSwigger · Labs | TryHackMe · Rooms |
| ------------------------------------------------------------------------- | -------------: | -----------------: | ----------------: |
| [Remote Code Execution (RCE)](/en/skills/rce)                             |            104 |                 15 |               103 |
| [Information Leakage](/en/skills/information-leakage)                     |             74 |                  6 |                 — |
| [SQL Injection](/en/skills/sqli)                                          |             36 |                 22 |                20 |
| [Cross-Site Scripting (XSS)](/en/skills/xss)                              |             13 |                 36 |                10 |
| [Cracking Hashes (hashcat / John)](/en/skills/cracking-hashes)            |             25 |                  — |                22 |
| [Port Forwarding / Pivoting](/en/skills/port-forwarding)                  |             36 |                  — |                 4 |
| [USB forensics](/en/skills/usb-forensics)                                 |              1 |                  — |                39 |
| [Authentication Vulnerabilities](/en/skills/authentication)               |              4 |                 27 |                 2 |
| [Directory fuzzing](/en/skills/fuzzing)                                   |             13 |                  — |                19 |
| [Active Directory](/en/skills/active-directory)                           |             12 |                  — |                18 |
| [File Upload Vulnerabilities](/en/skills/file-upload)                     |             16 |                  8 |                 4 |
| [SMB (139/445)](/en/skills/smb)                                           |             16 |                  — |                12 |
| [Local File Inclusion (LFI)](/en/skills/lfi)                              |             19 |                  — |                 8 |
| [OS Command Injection](/en/skills/command-injection)                      |             17 |                  5 |                 5 |
| [Server-Side Request Forgery](/en/skills/ssrf)                            |             10 |                 11 |                 4 |
| [Access Control / IDOR](/en/skills/access-control)                        |              1 |                 14 |                 9 |
| [SSTI (Server-Side Template Injection)](/en/skills/ssti)                  |             12 |                  7 |                 5 |
| [Web Cache Attacks (Poisoning / Deception)](/en/skills/web-cache-attacks) |              — |                 21 |                 1 |
| [Brute Force / Rate-Limit Bypass](/en/skills/brute-force)                 |             12 |                  1 |                 8 |
| [Insecure Deserialization](/en/skills/insecure-deserialization)           |             10 |                 10 |                 1 |
| [WordPress Exploitation](/en/skills/wordpress-exploit)                    |             13 |                  — |                 8 |
| [Buffer Overflow (BoF / ROP)](/en/skills/buffer-overflow)                 |             12 |                  — |                 8 |
| [HTTP Request Smuggling](/en/skills/request-smuggling)                    |              1 |                 16 |                 3 |
| [SUID binaries](/en/skills/suid)                                          |             12 |                  — |                 8 |
| [CSRF (Cross-Site Request Forgery)](/en/skills/csrf)                      |              2 |                 15 |                 2 |
| [XML External Entity](/en/skills/xxe)                                     |              6 |                  9 |                 4 |
| [JSON Web Tokens (JWT)](/en/skills/jwt-attacks)                           |             10 |                  8 |                 — |
| [Directory / Path Traversal](/en/skills/directory-traversal)              |              4 |                  8 |                 5 |
| [Race Conditions](/en/skills/race-conditions)                             |              3 |                  7 |                 6 |
| [Subdomain Enumeration](/en/skills/subdomain-enum)                        |             14 |                  — |                 2 |
| [Business Logic Vulnerabilities](/en/skills/business-logic)               |              — |                 12 |                 — |
| [BloodHound](/en/skills/bloodhound)                                       |             10 |                  — |                 1 |
| [IIS (Microsoft Web Server)](/en/skills/iis)                              |              8 |                  — |                 3 |
| [Prototype Pollution](/en/skills/prototype-pollution)                     |              1 |                  9 |                 1 |
| [LLM Attacks (Prompt Injection)](/en/skills/llm-attacks)                  |              — |                  8 |                 2 |
| [OAuth Authentication Vulnerabilities](/en/skills/oauth)                  |              1 |                  6 |                 1 |
| [GraphQL Vulnerabilities](/en/skills/graphql)                             |              1 |                  5 |                 1 |
| [Kerberoasting](/en/skills/kerberoasting)                                 |              5 |                  — |                 2 |
| [Remote File Inclusion (RFI)](/en/skills/rfi)                             |              4 |                  — |                 2 |
| [SNMP Enumeration](/en/skills/snmp-enum)                                  |              5 |                  — |                 1 |
| [Steganography (Stego)](/en/skills/steganography)                         |              4 |                  — |                 2 |
| [API Testing](/en/skills/api-testing)                                     |              — |                  5 |                 — |
| [AS-REP Roasting](/en/skills/asreproast)                                  |              2 |                  — |                 3 |
| [Clickjacking](/en/skills/clickjacking)                                   |              — |                  5 |                 — |
| [DNS zone transfer](/en/skills/dns-zone-transfer)                         |              4 |                  — |                 1 |
| [HTTP Host Header Attacks](/en/skills/host-header-attacks)                |              — |                  5 |                 — |
| [WebSockets Vulnerabilities](/en/skills/websockets)                       |              1 |                  2 |                 2 |
| [Default credentials](/en/skills/default-creds)                           |              1 |                  — |                 3 |
| [GetNPUsers (Impacket)](/en/skills/getnpusers)                            |              4 |                  — |                 — |
| [Shellshock (CVE-2014-6271)](/en/skills/shellshock)                       |              3 |                  1 |                 — |
| [Sudo abuse](/en/skills/sudo-abuse)                                       |              1 |                  — |                 3 |
| [CORS (Cross-Origin Resource Sharing)](/en/skills/cors)                   |              — |                  3 |                 — |
| [Cron abuse](/en/skills/cron-abuse)                                       |              3 |                  — |                 — |
| [DCSync](/en/skills/dcsync)                                               |              3 |                  — |                 — |
| [EternalBlue (MS17-010)](/en/skills/eternalblue)                          |              2 |                  — |                 1 |
| [linPEAS](/en/skills/linpeas)                                             |              1 |                  — |                 2 |
| [Type Juggling / Confusion](/en/skills/type-juggling)                     |              3 |                  — |                 — |
| [WebDAV](/en/skills/webdav)                                               |              3 |                  — |                 — |
| [winPEAS](/en/skills/winpeas)                                             |              3 |                  — |                 — |
| [Pi-hole default credentials](/en/skills/pi-hole)                         |              2 |                  — |                 — |
| [Redis Exploitation](/en/skills/redis-exploit)                            |              2 |                  — |                 — |
| [Anonymous FTP](/en/skills/ftp-anonymous)                                 |              — |                  — |                 1 |
| [AutoLogon credentials](/en/skills/autologon)                             |              1 |                  — |                 — |
| [Elastix LFI](/en/skills/elastix)                                         |              1 |                  — |                 — |
| [Group Policy Preferences (GPP)](/en/skills/gpp)                          |              1 |                  — |                 — |
| [HttpFileServer (CVE-2014-6287)](/en/skills/hfs)                          |              1 |                  — |                 — |
| [MS08-067 (NetAPI)](/en/skills/ms08-067)                                  |              — |                  — |                 1 |
| [pfSense](/en/skills/pfsense)                                             |              1 |                  — |                 — |
| [phpbash (PHP web shell)](/en/skills/phpbash)                             |              1 |                  — |                 — |
| [Samba 3.0.20 RCE (CVE-2007-2447)](/en/skills/samba-rce)                  |              1 |                  — |                 — |

*Last updated: 2026-06-07*
