CTF Write-ups

CTF write-ups and walkthroughs for sites like TryHackMe, HackTheBox...

Methods and contents of this repository are for educational purposes only.

Read before running any files. If you don't understand the consequences of running, do not run.

---

TryHackMe

Complete

• AgentSUDO
  • linux, privesc, sudo cve, sudo -u#-1
• Authenticate
  • authentication, dictionary attacks, jwt, session, cookies, idor
• Avengers Blog
  • cookies, http headers, ftp, gobuster, sqli, remote code execution, linux
• Blaster
  • wordpress
• Boiler CTF
• Bolt
• Bounty Hunter
• Brooklyn Nine Nine
• C4ptur3 th3 fl4g
• Convert My Video
  • command injection, cron
• CTF Collection Vol.1
• Ice
  • windows, metasploit, mimikatz, icecast, cve, privesc
• Game Zone
• Kenobi
• LazyAdmin
• LFI basics
  • lfi, log poisoining
• Linux PrivEsc
• MAL: Malware Introductory
  • malware, disassembly, signatures, decompiling, packers, obfuscation
• Mr Robot CTF
• Overpass
• Pickle Rick
• Root Me
  • linux, rce, file upload, php extension bypass, python suid, sh -p
• Simple CTF
• Skynet
• TomGhost
  • tomcat
• Wonderland
  • linux, privesc, python imports, perl, setuid_+ep capabilities, getcap, elf, path env variables
• XXE
  • xxe, xml, web, injection, rce, lfi

In progress

• Advent of Cyber
• HackPark

---

HackTheBox

Complete

• Buff
  • cve, boku, python, cloudme_1112, chisel, port forwarding, ssh tunneling, msfvenom, buffer overflow
• Jerry
  • windows, tomcat, nmap, msfvenom, java/jsp_reverse_shell_tcp war payload
• Lame
  • linux, ftp, smb, smbmap, smbclient, privesc
• Tabby
  • linux, tomcat, tomcat manager, tomcat manager-scripts, war payload, tomcat9, wfuzz, lfi, lxc, lxd, msfvenom

In Progress

• Admirer
• Blunder
  • blundit