Writeups for all of the different CTFs I’ve done, mostly TryHackMe and HackTheBox in prep before starting the private OSCP and Proving Grounds labs. Will be doing more in the future to try to learn more advanced AV evasion and binary exploitation (the latter more for fun than usefulness).
Hackpark
An easy Windows box from TryHackMe, brute force a login and exploit blogengine for initial access, then manipulate a misconfigured service for SYSTEM.
Skynet
An easy Linux box from TryHackMe, follow a string of leaked data to get creds, then leverage an RFI for initial access, and use a cronjob run as root to escalate.
Kenobi
An easy Linux box from TryHackMe, get initial access by exploiting ftpd, and use an SUID binary that doesn’t use full paths to get root.
Return
An easy Windows box from HackTheBox, using an SSRF to capture a password, then modifying a service path to get SYSTEM.
Optimum
An easy Windows box from HackTheBox, running a CVE POC to get initial access, and then another POC to get SYSTEM.