This is the second PWN challenge of the DefCamp CTF 2019 Qualification round. This challenge involved an ASLR, DEP, and Stack Canary bypass using a format string vulnerability and a buffer overflow vulnerability. We are supplied a binary and an IP and port. We start...

HackTheBox Dificulty RatingLinux2019 Jan 2018This box was fairly straight forward. The user part has to do with an unauthenticated file upload found when submitting a ticket on the web application. The tricky part is making a python script found on searchsploit to...

I really enjoyed this challenge during Plaid CTF even though we didn’t end up getting the flag because of a minor mistake as I will explain below. I spent a few precious hours on this challenge and did everything (well, mostly) right the first time and all indications...

HackTheBox Dificulty RatingLinux2013 Oct 2018Even though the user part was very CTF like, having to decode multiple esoteric languages and being directed this way and that through the application filesystem, the privesc ended up being a really nice and straight...

HackTheBox Dificulty RatingLinux3022 Sep 2018This was just an amazing box and probably my favorite one so far. For the user part we had to log in to a web application by finding a directory listing with some clues on what the box is about and an error list page that...

HackTheBox Dificulty RatingLinux402o Oct 2018This was a pretty cool box, even if I had a bit of a problem when trying to get a stable reverse shell that made me leave the box alone for a few months until coming back to it and cursing myself for not trying something...