In this video I demonstrate how to solve the prequalification CTF (Capture The Flag) for the TNW Conference 2018! Topics such as decoding JavaScript and XML External Entities (XXE) injection are covered in this video.

Update: The challenges in this CTF were developed by the PwC Team in Israel. was only used as the base platform.

Disclaimer: Explicit written permission should be obtained if you are going to test a system that you do not legally own. A lot of websites have a “bug bounty program” these days, which allow you to test websites of big companies, as long as you follow their pentest engagement rules. (Refer to e.g. HackerOne)

Special Thanks:
– Josh (First elite supporter!)

– VMware (
– Kali Linux (
– Burp Suite (

Stay tuned and subscribe for upcoming video about various types of hacks!

Twitter: @CrazyDaneHacker