Write-ups for all the fullpwn challenges from HTB University CTF 2024.

Write-ups for web challenges from CYBERGON CTF 2024.

2024 edition of Hack The Boo from HTB to celebrate Cybersecurity Month and Halloween. I solved a few challenges ( ‾́ ◡ ‾́ )

Mailing is an easy difficulty machine from HackTheBox that features an email server running on hMailServer. There is a path traversal on its web application, where I'll enumerate for the hMailServe...

Freelancer is a hard difficulty lab from HackTheBox which features a web application and Windows Active Directory. The web application has broken access control which allowed us to login as the adm...

3108 CTF is a Malaysian CTF organized by Bahtera Siber, themed around National Day. This is my first time joining the event, and I got to solve a few challenges. 🇲🇾🇲🇾🇲🇾

Cap is an easy machine from HackTheBox which has a website that allows users to download pcap files. I'll exploit an IDOR to grab a pcap which contains the user's credentials to get a shell on the ...

Publisher is an easy box from TryHackMe which features a vulnerable instance of SPIP that allows us to get unauthenticated RCE. After getting user on the box, we notice that we are being blocked by...

In Crafty, I'll exploit the infamous Log4j RCE exploit (CVE-2021-44228) on a Minecraft server to gain a shell as the user. Then, I'll discover a jar file in one of the user's directories, decompile...

Lame as its name suggests is a very easy box. The services running on the box are old, and there is a known CVE that allows to directly gain a shell as root.