3108 CTF 2024: Kembara Tuah
3108 CTF is a Malaysian CTF organized by Bahtera Siber, themed around National Day. This is my first time joining the event, and I got to solve a few challenges. 🇲🇾🇲🇾🇲🇾
Cap is an easy machine from HackTheBox which has a website that allows users to download pcap files. I'll exploit an IDOR to grab a pcap which contains the user's credentials to get a shell on the ...
Publisher is an easy box from TryHackMe which features a vulnerable instance of SPIP that allows us to get unauthenticated RCE. After getting user on the box, we notice that we are being blocked by...
In Crafty, I'll exploit the infamous Log4j RCE vulnerability (CVE-2021-44228) on a Minecraft server to gain a shell as the user. Then, I'll discover a jar file in one of the user's directories, decompile...
Lame, as its name suggests, is a very easy box. The services running on the box are old, and there is a known CVE that allows gaining a shell as root directly.
In DC-9, we only have access to a web application, which is vulnerable to SQL injection and LFI. We exploit the SQL injection to collect a set of credentials that is used later on in the box. The i...
FALL is an easy box from the digitalworld.local series. It hosts a web application that uses CMS Made Simple, where we discover an LFI vulnerability that allows us to read the SSH private key of th...