Writeups for all of the different CTFs I’ve done, mostly TryHackMe and HackTheBox in prep before starting the private OSCP and Proving Grounds labs. Will be doing more in the future to try to learn more advanced AV evasion and binary exploitation (the latter more for fun than usefulness).
Doctor
An easy Linux box from HackTheBox, get initial access via SSTI, then escalate privileges by finding a password in logfiles and using it to login to Splunk and upload a malicious app.
Beep
An easy Linux box from HackTheBox, get initial access by a webshell uploaded as mail, and run by LFI, then get root by abusing sudo privileges on nmap.
Nineveh
A medium Linux box from HackTheBox, get initial access by abusing an RFI, then escalate by exploiting chkrootkit to execute a script as root and send us a reverse shell.
Poison
A medium OpenBSD box from HackTheBox, get initial access by using a log poisoning attack and then escalate priviliges by exposing a local VNC listener running as root.
Grandpa
An easy Windows box from HackTheBox, get initial access via RCE from a vulnerable version of IIS, then escalate privileges with a kernel exploit.