The Future of This Blog As the year 2022 came to a close, I realized that I had not written a post all year. Despite the lack of activity, I have still been solving TryHackMe machines, HTB boxes, ...

Sweettooth Inc. needs your help to find out how secure their system is! This is a linux box from TryHackMe. As with all boxes, we start with an nmap scan. Nmap 1 2 3 4 5 6 7 8 9 10 11 12 13...

Deploy & hack into a Windows machine, leveraging common misconfigurations issues. Intro Blue is a very easy Windows box made to introduce beginners to pentesting. Attackers will utilize a...

After the previous breach, VulnNet Entertainment states it won’t happen again. Can you prove they’re wrong? Introduction Just another boot2root box, let’s get started with an nmap scan. I wil...

Goal: Read /etc/passwd Lab Solutions 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 Lab1 - Basic: /image?filename=../../../../../../../etc/passwd Lab2 - Absolute Path: /image?filename=/etc/passwd ...

Union CTF is a jeopardy-style CTF aiming for a medium difficulty, organised by the UK-based cr0wn team. The first writeups are a web/sh jail, then the rest is the big OSINT question from this ...

Basic SQLi TODO: ADD BlindSQL [LAB] SQL injection vulnerability in WHERE clause allowing retrieval of hidden data Solution: Go to categories and append the following to the URL. 1 ' OR 1=1-- ...

Dice CTF is hosted by DiceGang/redpwn. I played on the team IrisSec. https://twitter.com/dicegangctf/status/1358626895076544512 BabyCSP (349 Solves) Baby CSP was too hard for us, try Bab...

Blockchain-focused CTF, hosted by Offshift Introduction x41414141 CTF is sponsored by Offshift, and the challenge creators are the mods from John Hammond’s Discord server. I played with IrisS...

The Icelandic Hacking Competition - pwnLANdir$ Writeups. Placed 27/150 Teams Introduction I played on the team pwnLANdir$. This post will contain writeups for the challenges that I solved. ...