Boot2Root, Web Security
Discover hidden vhosts via HTTP/1.0 Host fallback, then SSRF localhost to leak a flag-bearing header through /think.
Learn how to upgrade a basic reverse shell into a fully interactive TTY with tab completion, job control, and clean terminal output.
After gaining initial access, often times we will need to exfiltrate files out of the target system to our local machine.