> ## Documentation Index
> Fetch the complete documentation index at: https://rootea.es/llms.txt
> Use this file to discover all available pages before exploring further.

# Catálogo de skills

> Índice completo de skills indexadas. Cada entrada lleva a una ficha con las máquinas que practican esa técnica + recursos curados + skills relacionadas.

# Catálogo de skills

Índice completo de skills indexadas. Cada entrada lleva a una ficha con las máquinas que practican esa técnica + recursos curados + skills relacionadas.

| Skill                                                                  | HTB · Máquinas | PortSwigger · Labs | TryHackMe · Rooms |
| ---------------------------------------------------------------------- | -------------: | -----------------: | ----------------: |
| [Remote Code Execution (RCE)](/skills/rce)                             |            104 |                 15 |               103 |
| [Information Leakage](/skills/information-leakage)                     |             74 |                  6 |                 — |
| [SQL Injection](/skills/sqli)                                          |             36 |                 22 |                20 |
| [Cross-Site Scripting (XSS)](/skills/xss)                              |             13 |                 36 |                10 |
| [Cracking Hashes (hashcat / John)](/skills/cracking-hashes)            |             25 |                  — |                22 |
| [Port Forwarding / Pivoting](/skills/port-forwarding)                  |             36 |                  — |                 4 |
| [USB forensics](/skills/usb-forensics)                                 |              1 |                  — |                39 |
| [Authentication Vulnerabilities](/skills/authentication)               |              4 |                 27 |                 2 |
| [Fuzzing de directorios](/skills/fuzzing)                              |             13 |                  — |                19 |
| [Active Directory](/skills/active-directory)                           |             12 |                  — |                18 |
| [File Upload Vulnerabilities](/skills/file-upload)                     |             16 |                  8 |                 4 |
| [SMB (139/445)](/skills/smb)                                           |             16 |                  — |                12 |
| [Local File Inclusion (LFI)](/skills/lfi)                              |             19 |                  — |                 8 |
| [OS Command Injection](/skills/command-injection)                      |             17 |                  5 |                 5 |
| [Server-Side Request Forgery](/skills/ssrf)                            |             10 |                 11 |                 4 |
| [Access Control / IDOR](/skills/access-control)                        |              1 |                 14 |                 9 |
| [SSTI (Server-Side Template Injection)](/skills/ssti)                  |             12 |                  7 |                 5 |
| [Web Cache Attacks (Poisoning / Deception)](/skills/web-cache-attacks) |              — |                 21 |                 1 |
| [Brute Force / Rate-Limit Bypass](/skills/brute-force)                 |             12 |                  1 |                 8 |
| [Insecure Deserialization](/skills/insecure-deserialization)           |             10 |                 10 |                 1 |
| [WordPress Exploitation](/skills/wordpress-exploit)                    |             13 |                  — |                 8 |
| [Buffer Overflow (BoF / ROP)](/skills/buffer-overflow)                 |             12 |                  — |                 8 |
| [HTTP Request Smuggling](/skills/request-smuggling)                    |              1 |                 16 |                 3 |
| [SUID binaries](/skills/suid)                                          |             12 |                  — |                 8 |
| [CSRF (Cross-Site Request Forgery)](/skills/csrf)                      |              2 |                 15 |                 2 |
| [XML External Entity](/skills/xxe)                                     |              6 |                  9 |                 4 |
| [JSON Web Tokens (JWT)](/skills/jwt-attacks)                           |             10 |                  8 |                 — |
| [Directory / Path Traversal](/skills/directory-traversal)              |              4 |                  8 |                 5 |
| [Race Conditions](/skills/race-conditions)                             |              3 |                  7 |                 6 |
| [Subdomain Enumeration](/skills/subdomain-enum)                        |             14 |                  — |                 2 |
| [Business Logic Vulnerabilities](/skills/business-logic)               |              — |                 12 |                 — |
| [BloodHound](/skills/bloodhound)                                       |             10 |                  — |                 1 |
| [IIS (Microsoft Web Server)](/skills/iis)                              |              8 |                  — |                 3 |
| [Prototype Pollution](/skills/prototype-pollution)                     |              1 |                  9 |                 1 |
| [LLM Attacks (Prompt Injection)](/skills/llm-attacks)                  |              — |                  8 |                 2 |
| [OAuth Authentication Vulnerabilities](/skills/oauth)                  |              1 |                  6 |                 1 |
| [GraphQL Vulnerabilities](/skills/graphql)                             |              1 |                  5 |                 1 |
| [Kerberoasting](/skills/kerberoasting)                                 |              5 |                  — |                 2 |
| [Remote File Inclusion (RFI)](/skills/rfi)                             |              4 |                  — |                 2 |
| [SNMP Enumeration](/skills/snmp-enum)                                  |              5 |                  — |                 1 |
| [Steganography (Stego)](/skills/steganography)                         |              4 |                  — |                 2 |
| [API Testing](/skills/api-testing)                                     |              — |                  5 |                 — |
| [AS-REP Roasting](/skills/asreproast)                                  |              2 |                  — |                 3 |
| [Clickjacking](/skills/clickjacking)                                   |              — |                  5 |                 — |
| [HTTP Host Header Attacks](/skills/host-header-attacks)                |              — |                  5 |                 — |
| [Transferencia de zona DNS](/skills/dns-zone-transfer)                 |              4 |                  — |                 1 |
| [WebSockets Vulnerabilities](/skills/websockets)                       |              1 |                  2 |                 2 |
| [Abuso de sudo](/skills/sudo-abuse)                                    |              1 |                  — |                 3 |
| [Credenciales por defecto](/skills/default-creds)                      |              1 |                  — |                 3 |
| [GetNPUsers (Impacket)](/skills/getnpusers)                            |              4 |                  — |                 — |
| [Shellshock (CVE-2014-6271)](/skills/shellshock)                       |              3 |                  1 |                 — |
| [Abuso de cron](/skills/cron-abuse)                                    |              3 |                  — |                 — |
| [CORS (Cross-Origin Resource Sharing)](/skills/cors)                   |              — |                  3 |                 — |
| [DCSync](/skills/dcsync)                                               |              3 |                  — |                 — |
| [EternalBlue (MS17-010)](/skills/eternalblue)                          |              2 |                  — |                 1 |
| [linPEAS](/skills/linpeas)                                             |              1 |                  — |                 2 |
| [Type Juggling / Confusion](/skills/type-juggling)                     |              3 |                  — |                 — |
| [WebDAV](/skills/webdav)                                               |              3 |                  — |                 — |
| [winPEAS](/skills/winpeas)                                             |              3 |                  — |                 — |
| [Pi-hole credenciales por defecto](/skills/pi-hole)                    |              2 |                  — |                 — |
| [Redis Exploitation](/skills/redis-exploit)                            |              2 |                  — |                 — |
| [AutoLogon credentials](/skills/autologon)                             |              1 |                  — |                 — |
| [Elastix LFI](/skills/elastix)                                         |              1 |                  — |                 — |
| [FTP anónimo](/skills/ftp-anonymous)                                   |              — |                  — |                 1 |
| [Group Policy Preferences (GPP)](/skills/gpp)                          |              1 |                  — |                 — |
| [HttpFileServer (CVE-2014-6287)](/skills/hfs)                          |              1 |                  — |                 — |
| [MS08-067 (NetAPI)](/skills/ms08-067)                                  |              — |                  — |                 1 |
| [pfSense](/skills/pfsense)                                             |              1 |                  — |                 — |
| [phpbash (web shell PHP)](/skills/phpbash)                             |              1 |                  — |                 — |
| [Samba 3.0.20 RCE (CVE-2007-2447)](/skills/samba-rce)                  |              1 |                  — |                 — |

*Última actualización: 2026-06-07*
