Writeups for all of the different CTFs I’ve done, mostly TryHackMe and HackTheBox in prep before starting the private OSCP and Proving Grounds labs. Will be doing more in the future to try to learn more advanced AV evasion and binary exploitation (the latter more for fun than usefulness).
Driver
An easy Windows box from HackTheBox, getting initial acces by uploading a SCF file for SSRF and bruteforcing authentication, then using printnightmare to get SYSTEM.
Devel
An easy Windows box from HackTheBox, using an unsecured FTP server and file upload to get initial access, then a version CVE for SYSTEM.
Valentine
An easy Linux box from HackTheBox, using heartbleed for initial access, and then taking over a tmux session to get root.
Validation
An easy Linux box from HackTheBox, using a second order SQLi for initial access, and then finding a password in a config file for root.
Shocker
An easy Linux box from HackTheBox, using shellshock for initial access, and then a misconfigured perl binary for root.