HTB: PermX

published on 03 Nov 2024 included in categories HTB CTF

PermX is an easy Linux box, which is running a vulnerable version of Chamilio CMS which leads to a initial shell. Running linpeas reveals a password, which seems to be the password of the user mtz. Mtz has sudo permissions to run a custom bash binary, which can be exploited by making a symlink of /etc/sudoers and giving ourself ALL permissions to get root access.

CrewCTF 2024

published on 04 Aug 2024 included in categories CTF WEB

CrewCTF 2024 writeups

Deadsec CTF 2024

published on 28 Jul 2024 included in categories CTF WEB

Deadsec 2024 writeups

Imaginary CTF 2024

published on 20 Jun 2024 included in categories CTF WEB

Imaginary 2024 writeups

HTB: Pilgrimage

published on 15 Apr 2024 included in categories HTB CTF

Easy HTB machine where a website is used to reduce the size of images. Then an Image Magick exploit is used for file read vulnerability. Though that the SQLite3 database can be enumerated.

IMF

published on 08 Apr 2024 included in categories Vulnhub CTF Boot2Root

IMF is a boot2root mcahine that contains many flags. After each flag, the difficulty is increased. This machine starts with web and ends with a buffer overflow.

remoteshell.zip

HTB: PermX

CrewCTF 2024

Deadsec CTF 2024

Imaginary CTF 2024

HTB: Pilgrimage

IMF