CTF writeups, security research, and technical articles.
DevArea is a Medium-difficulty Linux machine released as part of HTB season 10.
Kobold is an Easy-difficulty Linux machine released as part of HTB season 10.
CCTV is an Easy-difficulty Linux machine released as part of HTB season 10.
Pirate is a Hard-difficulty Windows machine released as part of HTB Season 10. Exploit Pre-Windows 2000 machine accounts, dump gMSA hashes, pivot through internal networks, and chain RBCD relay with SPN injection to achieve full Domain Admin.
Use GitHub Actions to provision an ephemeral amd64 DigitalOcean droplet, build Docker images natively, push to registry, and tear everything down automatically.
Build a custom Docker image for Kasm Workspaces, push it to a registry, and register it so it appears as a selectable workspace.
Interpreter is a Medium-difficulty Linux machine released as part of HTB season 10.
Deploy Kasm Workspaces on a DigitalOcean droplet, attach a domain, enable HTTPS with Let's Encrypt, and harden the server for secure remote browser access.
Pterodactyl is a Medium-difficulty Linux machine released as part of HTB season 10.
WingData is an Easy-difficulty Linux machine released as part of HTB season 10.
Download files from a remote server, compare them safely in a local branch, and decide whether to discard, merge, or push changes to a remote repository.
First post on the blog — what to expect from this site and what I'll be writing about.
Build a fast, cloud-based Ubuntu workstation using Xfce and xRDP, then connect it securely to corporate networks using OpenConnect (GlobalProtect-compatible).
Facts is an Easy-difficulty Linux machine released as part of HTB season 10.
Exploit AES-CTR mode vulnerability in a custom IRC-like server with reused counter initialization
Analyze compromised system through network traffic and memory forensics to uncover malware deployment and credential theft
Analyze memory dump of compromised Linux system to uncover malicious Chrome extension and credential theft
Identify and exploit secure coding vulnerabilities in a web application
Exploit path traversal vulnerability in a PHP web application to extract the flag
code is an Easy-difficulty Linux machine from HackTheBox.
EscapeTwo is an Easy-difficulty Windows Active Directory machine from HackTheBox featuring SMB enumeration, credential extraction from Excel files, SQL Server exploitation, and Kerberos abuse.
Analyze Windows event logs to uncover two-part flag hidden in PowerShell command execution and log artifacts
Reverse engineer a binary that uses Fisher-Yates shuffling to find the original input string
Reverse engineer encoded strings from JavaScript code to extract hidden data
Exploit stale cache policy vulnerabilities in a web application with Content Security Policy analysis
Exploit JWT authentication bypass and token manipulation in a Node.js web application
inflitrator is a Hard-difficulty Windows machine from HackTheBox.
PermX is an Easy-difficulty Linux machine from HackTheBox.
blazorized is a Hard-difficulty Windows domain controller machine from HackTheBox.
axlle is a Hard-difficulty Windows machine from HackTheBox.
editorial is an Easy-difficulty Linux machine from HackTheBox featuring SSRF vulnerability and GitPython RCE.
blurry is a Medium-difficulty Linux machine from HackTheBox.
freelancer is a Hard-difficulty Windows machine from HackTheBox.
boardlight is an Easy-difficulty Linux machine from HackTheBox featuring Dolibarr ERP/CRM exploitation.
Smart contract challenge requiring multi-step validation including hacking skills, stealth, engineering, and demolition expertise
Cryptography challenge using known plaintext attack to break XOR-based encryption with SHA-256 key derivation
AWS IAM and cloud security challenge involving credential enumeration and permission analysis
AWS IAM role ARN extraction challenge using role ID to construct proper ARN format
Full penetration test of web server with SPIP CMS exploitation, leading to initial access and system compromise
Windows forensics challenge analyzing PowerShell logs and obfuscated scripts to detect intrusion attempts
Full penetration test of Ubuntu web server with SSH and HTTP services
Full penetration test with multi-service enumeration including SSH and HTTP on multiple ports
ICS/SCADA challenge involving Modbus protocol communication with industrial control systems
Binary reverse engineering challenge involving libc random number prediction and brute-force seed discovery
magicgarden is an Insane-difficulty Linux machine from HackTheBox.
solarlab is a Medium-difficulty Windows machine featuring SMB enumeration, credential extraction from Excel files, ReportHub web application exploitation, and CVE-2023-33733 (ReportLab RCE).
mailing is an Easy-difficulty Windows machine from HackTheBox.
Intuition is a Hard-difficulty Linux machine from HackTheBox.
usage is an Easy-difficulty Linux machine from HackTheBox.
iClean (Capiclean) is a Medium-difficulty Linux machine featuring Flask SSTI exploitation and JWT-based authentication bypass.
mist is an Insane-difficulty Windows machine from HackTheBox.
wifinetictwo is a Medium-difficulty Linux machine featuring OpenPLC Runtime exploitation and WiFi security attacks.
Reverse a custom Caesar cipher variant with position-dependent shift
Exploit weak Diffie-Hellman with small parameters to recover shared secret and decrypt AES-CBC ciphertext
Exploit a weak Diffie-Hellman key exchange with small prime modulus
Identify TEA cipher from DELTA constant and decrypt ECB-mode ciphertext with known key
Break Diffie-Hellman over permutation groups using DLP algorithm on permutation cycles
Reverse a trivial string transformation: reverse flag then rearrange groups of three
Exploit RSA implementation using prime modulus instead of semiprime
Exploit ActiveMQ vulnerability, extract .NET malware, decrypt C2 communications, and recover multi-part flag
Analyze PCAP to detect SMTP exfiltration and reconstruct PDF from parts
Analyze disk image to extract and decrypt ransomware, then decrypt encrypted files
Extract flag from HTML content hidden in email file
Extract obfuscated PowerShell from PCAP, deobfuscate, decrypt AES payload, and recover flag parts
Analyze malicious DOCM file, extract XOR-encrypted payload, decrypt JavaScript layers, and recover C2 beacon
Analyze memory dump with Volatility and extract artifacts from system state
Analyze MFT records to answer forensic questions about file activity
Decode base64 email attachments and URL-decode payloads to uncover phishing attack details
Automate character-by-character flag extraction from server using socket programming
Interface with W25Q128 flash memory via SPI to read flag from device
Construct Python bytecode to find min/max values and answer the cube's riddle
Script game responses to survive The Fray video game challenge
Bypass blacklist filters in Python eval() to read the flag
Exploit format string vulnerability to overwrite target variable
Answer integer overflow questions to retrieve the flag
Exploit off-by-one vulnerability and strcmp null byte behavior
Use strace to identify file access attempts and retrieve the flag
Reverse engineer a compression algorithm and decode serialized data
Exploit gRPC path traversal to overwrite application files
Exploit command injection in time-based functionality
Exploit SQL injection to retrieve credentials and login
Unpack UPX-compressed executable to reveal hidden strings and flag
Exploit Apache Velocity Server-Side Template Injection (SSTI)
Exploit JWT vulnerabilities in python-jwt version 3.3.3
Exploit memcached injection and Python pickle deserialization for RCE
Exploit serialization vulnerabilities to achieve RCE through pickle deserialization
formulax is a Hard-difficulty Linux machine from HackTheBox.
Perfection is an Easy-difficulty Linux machine from HackTheBox featuring Server-Side Template Injection (SSTI) in a Ruby web application.
crafty is an Easy-difficulty Windows machine from HackTheBox.
skyfall is an Insane-difficulty Linux machine from HackTheBox featuring CVE-2023-28432 (Minio info disclosure), HashiCorp Vault integration, and advanced privilege escalation techniques.
pov is a Medium-difficulty Windows machine from HackTheBox.
analysis is a Hard-difficulty Windows machine from HackTheBox.
monitored is a Medium-difficulty Linux machine from HackTheBox.
bizness is an Easy-difficulty Linux machine from HackTheBox.
corporate is an Insane-difficulty Linux machine from HackTheBox.
Surveillance is a Medium-difficulty Linux machine from HackTheBox featuring Craft CMS and ZoneMinder exploitation.
devvortex is an Easy-difficulty Linux machine from HackTheBox. Exploitation involves Joomla vulnerability discovery, credential extraction, and privilege escalation via apport-cli pager escape.
hospital is a Medium-difficulty Windows machine from HackTheBox.
Decode a flag split between hex and base64 encoding
Reverse engineer a password generator to decrypt an encrypted flag
Exploit AES-CTR mode with predictable counter and key recovery
NoSQL injection in login form to bypass authentication
Command injection vulnerability in localhost-restricted endpoint
Pickle deserialization exploitation for remote code execution
XSS via filter bypass using noembed tag
NoSQL injection in authentication bypass with MongoDB
napper is a Hard-difficulty Windows machine from HackTheBox.
.NET binary reverse engineering challenge
SSRF vulnerability leading to admin account creation
manager is a Medium-difficulty Windows machine from HackTheBox.
Drive is a Hard-difficulty Linux machine from HackTheBox featuring a Django-based file management application with SQLite databases.
Analytics is an Easy-difficulty Linux machine from HackTheBox featuring Metabase RCE exploitation and overlayFS privilege escalation.
visual is a Medium-difficulty Windows machine from HackTheBox.
cozyhosting is an Easy-difficulty Linux machine from HackTheBox featuring Spring Boot Actuator exposure, session hijacking, command injection, and SSH privilege escalation.
zipping is a Medium-difficulty Linux machine from HackTheBox featuring file upload bypass via null byte injection and privilege escalation through shared object hijacking.
cybermonday is a Hard-difficulty Linux machine from HackTheBox.
keeper is an Easy-difficulty Linux machine from HackTheBox featuring Request Tracker enumeration, default credential exploitation, and KeePass memory dump vulnerability exploitation.
download is a Hard-difficulty Linux machine from HackTheBox. Partial writeup with reconnaissance findings documented.
gofer is a Hard-difficulty Linux machine from HackTheBox.
registrytwo is a Hard-difficulty Linux machine from HackTheBox.
Exploit a backdoored e-voting smart contract to manipulate election results
Forge NFT signatures to gain access to confidential Board of Arodor documents
Full system compromise requiring exploitation chain through multiple vulnerabilities
Exploit a multi-signature wallet to steal crowdfunding campaign funds
Break AES-CTR encryption with nonce reuse vulnerability
Enumerate and exploit misconfigured AWS S3 buckets to access confidential information
Exploit weak PRNG in RSA system to decrypt enemy communications
Forge DSA signatures to access vitalium resource coordinates
Sign a contract with a simple condition to complete military enrollment paperwork
Forge Merkle tree signatures to detect a blockchain backdoor
Exploit WordPress plugin vulnerabilities and LLM prompt injection for RCE
Full exploitation of a web application with file upload vulnerability, command injection, and privilege escalation.
Exploit a device control server to manipulate devices or gain system access.
Exploit a surveillance system tracking application by bypassing file restrictions and causing heap corruption.
Exploit a Command and Control (C2) service by exploiting vulnerabilities in its bot management system.
Bypass a bitmap scanning application by crafting a malicious BMP file to trigger code execution.
Reverse engineer an ancient COBOL punch card program representing a facility update.
Exploit a Modbus-based SCADA door control system by manipulating sensors and coils.
Analyze captured Modbus network traffic to extract sensitive data from industrial control registers.
Analyze network captures to identify intruder reconnaissance and data tampering on industrial systems.
Exploit a Java deserialization vulnerability in a water level monitoring application.
authority is a Medium-difficulty Windows machine from HackTheBox.
sau is an Easy-difficulty Linux machine from HackTheBox involving SSRF, command injection, and privilege escalation.
Pilgrimage is an Easy-difficulty Linux machine featuring an image shrinking service with exposed git repository, ImageMagick LFI, and Binwalk RCE vulnerabilities.
twomillion is an Easy-difficulty Linux machine from HackTheBox. This writeup is a skeleton with limited documentation.
pc is an Easy-difficulty Linux machine from HackTheBox.
busquedas is an Easy-difficulty Linux machine from HackTheBox.
Exploit RSA with small public exponent e=3 using Coppersmith's attack
Exploit custom AES ECB implementation with block recycling vulnerability
Analyze and decode malicious script with systemd persistence mechanism
Exploit AES ECB mode encryption with known plaintext and partial key recovery
Reverse engineer a multi-layer encoding scheme involving hex conversion and base64
Hardware debugging and analysis of timing/electrical signals
Exploit Python deserialization vulnerabilities in YAML and Pickle
Win 100 rounds of Janken by exploiting logic in string matching
Automate repeated HTTP requests to extract flag from endpoint
Exploit Python exec() filter bypass using character encoding
Automate mathematical expression evaluation over TCP socket
Escape restricted SSH environment using bash profile bypass
Solve bridge crossing puzzle using optimal algorithm
Buffer overflow via fgets() vulnerability in vulnerable C binary
Buffer overflow exploitation using controlled payload delivery
Reverse engineer custom shell binary and crack XOR-encrypted password
Solve complex multi-condition logic puzzle in binary
Reconstruct input string by analyzing multi-byte field access patterns
Exploit SQL injection vulnerability and use path traversal to extract flag
Exploit IDOR and JWT vulnerabilities in shopping application
Crack three-stage password validation in binary using string reversal and XOR
Exploit IDOR vulnerability in GraphQL API to access admin data
inject is an Easy-difficulty Linux machine from HackTheBox.
interface is a Medium-difficulty Linux machine from HackTheBox.
stocker is an Easy-difficulty Linux machine from HackTheBox.
soccer is an Easy-difficulty Linux machine from HackTheBox featuring web file manager exploitation, SQL injection via WebSocket, and privilege escalation through doas.
Discrete log problem with extremely small prime - trivial brute force attack
AES encryption challenge with multiple block cipher modes - exploit ECB mode weakness
JWT authentication bypass through XSS to steal admin session and access flag
Code injection via unsafe use of Python compile() and exec() in arithmetic evaluation
SQL injection in user registration leading to authentication bypass and flag theft
IP spoofing via X-Forwarded-For header to bypass localhost-only admin access
Server-Side Template Injection (SSTI) in Mako template engine leading to RCE
Photoshop is a Medium-difficulty Windows machine from HackTheBox.
ambassador is a Medium-difficulty Linux machine from HackTheBox.