ctf write-up web HTB rce scripting CA-CTF nodejs deserialization certifications business-ctf blind-xss uni-ctf ssti ssrf sqli request-smuggling remote-code-execution redteamvillage redteam redis oscp lfr forensic express defcon csrf cookie-forgery zip-slip ysoserial xss xpath-injection websocket web-300 verdaccio unix-socket-injection templating-engine supply-chain-attack steghide sqlmap socks4a snyk self-xss saleae py-jail proxychains prototype-pollution pop-chain pickle-deserialization php-messenger php-gd oswe-prep oswe olevba npm-registry npm node-libcurl nginx misc meterpreter maldoc lfi jwt idat-chunks http2 hardware gopher flask-session eta docker directory-traversal cyberdrill cve-2022-25967 cve-2022-23614 cve-2022-0543 cve-2021-40346 cve-2021-36740 cve-2021-23631 cve-2017-7494 csp-bypass cookie-session cache-poisoning buffer-overflow awae autopsy asti