Writeups for challenges that our team, USM Biawaks solved from the UMCS CTF 2025 Preliminary round.

Writeups for a few challenges that I solved from swampCTF 2025 — Contamination (Web), SwampTech Solutions (Web), Preferential Treatment (Forensics), MuddyWater (Forensics), and Blue (Misc).

Writeups for a few web challenges that I solved from RITSEC CTF 2025 — Cosmic Pathways, Upload Issues, and Upload Issues 2.

Solutions for Fortune Crumbs (Web), Quote (Web), Treasure Hunt (Pwn), and Readme (Pwn). Fortune Crumbs is a blind SQL injection challenge to steal the admin's password. Quote is an SQL injection challenge, where you'll use the SQLi to register a user with the JWT algorithm set to 'none' to craft a JWT as admin. Treasure Hunt is a standard buffer overflow challenge, and Readme involves abusing Linux file descriptors to read the flag.

Played Apoorvctf 2025 over the weekend. Here are the writeups for SEO CEO (Web), Blog 1 (Web), Ghosted on the 14th (Misc), Nobita's Network Nightmare (Network), and Subramaniyudan Kadhaipoma (AI).

Cicada is a very easy active directory box that involves common AD enumeration to discover hardcoded credentials, which can be used to pivot to other users with more privileges. Eventually, we'll pivot to a user that is a member of the Backup Operators group, which we can abuse to dump hashes from the domain controller and get a shell as administrator through Pass-the-Hash.

Write-ups for all the fullpwn challenges from HTB University CTF 2024.

Write-ups for web challenges from CYBERGON CTF 2024.

2024 edition of Hack The Boo from HTB to celebrate Cybersecurity Month and Halloween. I solved a few challenges ( ‾́ ◡ ‾́ )

Mailing is an easy difficulty machine from HackTheBox that features an email server running on hMailServer. There is a path traversal on its web application, where I'll enumerate for the hMailServer configuration file to discover a hash to crack. This gives us valid email credentials to exploit a recent Office exploit, CVE-2024-21413 to capture the user's NTLM hash. For root, there's a scheduled task running LibreOffice which is vulnerable to CVE-2023-2255 which allowed us to add our user to the local administrator group.