Writeups for all of the different CTFs I’ve done, mostly TryHackMe and HackTheBox in prep before starting the private OSCP and Proving Grounds labs. Will be doing more in the future to try to learn more advanced AV evasion and binary exploitation (the latter more for fun than usefulness).
Internal
A hard Linux box from TryHackMe, brute force a wordpress page for initial access, then pivot to a locally running Jenkins instance for root.
Relevant
A medium box from TryHackMe, grabbing creds from an anonymous smb share, then using them with EternalBlue for SYSTEM.
Daily Bugle
A hard Linux box from TryHackMe, use a SQLi in the particular joomla version to get access, finding a password to pivot, and then using GTFObins yum for root.
Alfred
An easy Windows box from TryHackMe, get initial access through Jenkins groovy script, and abusing SeImpersonatePrivelege user rights to get SYSTEM.
Game Zone
An easy Linux box from TryHackMe, use a SQLi for initial access, expose a local service with a reverse tunnel and exploit the version for root.