Writeups for a few challenges that I solved from swampCTF 2025 — Contamination (Web), SwampTech Solutions (Web), Preferential Treatment (Forensics), MuddyWater (Forensics), and Blue (Misc).

Writeups for a few web challenges that I solved from RITSEC CTF 2025 — Cosmic Pathways, Upload Issues, and Upload Issues 2.

Solutions for Fortune Crumbs (Web), Quote (Web), Treasure Hunt (Pwn), and Readme (Pwn). Fortune Crumbs is a blind SQL injection challenge to steal the admin's password. Quote is an SQL injection challenge, where you'll use the SQLi to register a user with the JWT algorithm set to 'none' to craft a JWT as admin. Treasure Hunt is a standard buffer overflow challenge, and Readme involves abusing Linux file descriptors to read the flag.

Played Apoorvctf 2025 over the weekend. Here are the writeups for SEO CEO (Web), Blog 1 (Web), Ghosted on the 14th (Misc), Nobita's Network Nightmare (Network), and Subramaniyudan Kadhaipoma (AI).

Cicada is a very easy active directory box that involves common AD enumeration to discover hardcoded credentials, which can be used to pivot to other users with more privileges. Eventually, we'll pivot to a user that is a member of the Backup Operators group, which we can abuse to dump hashes from the domain controller and get a shell as administrator through Pass-the-Hash.

Write-ups for all the fullpwn challenges from HTB University CTF 2024.

Write-ups for web challenges from CYBERGON CTF 2024.

2024 edition of Hack The Boo from HTB to celebrate Cybersecurity Month and Halloween. I solved a few challenges ( ‾́ ◡ ‾́ )

Mailing is an easy difficulty machine from HackTheBox that features an email server running on hMailServer. There is a path traversal on its web application, where I'll enumerate for the hMailServer configuration file to discover a hash to crack. This gives us valid email credentials to exploit a recent Office exploit, CVE-2024-21413 to capture the user's NTLM hash. For root, there's a scheduled task running LibreOffice which is vulnerable to CVE-2023-2255 which allowed us to add our user to the local administrator group.

Freelancer is a hard difficulty lab from HackTheBox which features a web application and Windows Active Directory. The web application has broken access control which allowed us to login as the administrator through an IDOR. From there, we gain access to a panel that allows us to execute SQL commands, and gain initial foothold onto the box. The foothold is interesting as it involves MSSQL impersonation and AV evasion. After gaining the foothold, we discover hardcoded credentials in one of the configuration files to get to user. The root step using a crash dump file to extract passwords from SAM. This gives us access as another user that is a member of the AD Recycle Bin Group. This group had GenericWrite privileges over the domain controller, which allowed us to perform a Resource-Based Constrained Delegation (RBCD) attack to get a shell as the Domain Admin.