Writeups

Some featured CTF and HTB writeups

HTB - Sightless

Gaining RCE on an SQLPad web app, escaping the Docker jail and getting user access. Discovering an internal host that led to Chrome debugger pentesting. Acquiring credentials for a Froxlor server management panel, then gaining root access by changing the PHP-FPM command to one that sets the SUID permission on bash.

HTB ProLabs - Dante

Dante ProLab is a simulated network with 14 machines and 27 flags. The critical lesson from this lab was network pivoting.
