Airplane Write-up - TryHackMe
Process enumeration via LFI, GDB remote debugging, SUID binary and path manipulation to get root.
Bypassing SQLi filters and escaping from the Twig sandbox in a black-box web challenge.
Padding Oracle Attack, Code Injection and Docker Breakout.
Default credentials, Vertical Escalation to Admin on the Web App, Reaching Internal API via SSRF, Fuzzing LFI Payloads and SSH Brute Force.
Account takeover via XSS and hidden file discovery.
This is a cryptography challenge from CTFlearn. It’s a hard-level challenge based on a linear-feedback shift register (LFSR). Challenge Description Hello! I have just implemented a super-...
CyberLens is an easy-level boot2root machine available on TryHackMe. This box is a Windows machine with a vulnerable web application. The goal is to exploit the web application to get a reverse she...
AudioEdit is a hard web challenge on CTFlearn. The challenge is about exploiting a SQL injection vulnerability in the metadata of an audio file. Solution When we visit the website, we see a simple...
BoilerCTF is an annoying boot2root challenge on TryHackMe. It has a lot of rabbit holes! It would definitely be an easy-to-medium level challenge if the creator hadn’t put in those rabbit holes. Enumeration As alway...
StuxCTF is a medium-level boot2root challenge on TryHackMe. This room involves Diffie-Hellman key exchange, a PHP deserialization attack and privilege escalation. Enumeration As always, we start...