Writeups
Detailed exploitation walkthroughs for CTF challenges and real-world scenarios.
Showing 10 of 25 writeups
CMSpit
A TryHackMe room exploiting Cockpit CMS NoSQL injection for initial access, discovering MongoDB credentials, and escalating privileges using exiftool CVE-2021-22204.
Year of the Jellyfish
A hard TryHackMe room involving SSL certificate enumeration to discover virtual hosts, exploiting an unauthenticated RCE in Monitorr v1.7.6 via a custom exploit script, and escalating privileges using the DirtySock snapd vulnerability.
HackTheBox – Kobold
Detailed exploitation walkthrough for HackTheBox Kobold machine, covering CVE-2026-23520 MCP service RCE and Docker daemon privilege escalation.
HackTheBox – VariaType
Detailed exploitation walkthrough for HackTheBox VariaType machine, covering CVE-2025-66034 and vulnerable font processors.
HackTheBox – Facts
Detailed exploitation walkthrough for HackTheBox Facts machine, covering CVE-2025-2304 and Facter privilege escalation.
TryHackMe - Glitch
A detailed walkthrough of the Glitch room on TryHackMe - focusing on NodeJS API exploitation, reverse shell stabilization, and privilege escalation through Firefox credential recovery and doas abuse.
TryHackMe - Lunizz CTF
A Medium-rated room involving MySQL enumeration, bcrypt hash cracking with base64 preprocessing, privilege escalation through internal service abuse, and root access via a backdoor.
Empline
A medium TryHackMe room involving subdomain discovery, OpenCATS RCE exploitation, MySQL credential extraction, MD5 hash cracking, and Linux capability abuse (cap_chown) for root.
Year of the Pig
A hard TryHackMe room involving custom wordlist generation, MD5 hash cracking, and exploiting the PwnKit vulnerability for root access.
Smag Grotto
An easy TryHackMe room involving PCAP analysis, command injection, SSH key injection via cron, and sudo abuse with apt-get.