Hello everyone! 👋 I’m Sh3rl0ck, and I’m excited to share my writeup for the recent I&M InterUniversity CTF . This competition had a great mix of challenges, pushing me to rely on core cybersecu...

This writeup details the complete breakdown of the SkiddyKill3r web challenge, a rigorous test of reconnaissance and creative problem-solving. The path to the flag required chaining multiple exploi...

We root an Active Directory Windows host that also runs a web application. Initial nmap enumeration reveals HTTP, LDAP, SMB and WinRM. We exploit an insecure file upload (ZIP polyglot) to get a web...

Puppy is a medium windows machine on HTB Season 8 .We start off with bloodhound python using the credentials given for it’s an assumed breach Port Scan Default all port scan nmap --min-rate 10000 ...

Fluffy is an assume-breach Windows Active Directory challenge. I begin by exploiting CVE-2025-24071 / CVE-2025-24055 a flaw in how Windows processes library-ms files inside ZIPs that causes the tar...

Nocturnal hosts a web app with an IDOR that lets me access other users’ files and ultimately expose the admin password. Inside the admin interface I discover a command-injection flaw in the backup ...

Dog is running Backdrop CMS. We found a publicly accessible .git repository, recovered credentials from the site files, used those credentials to log in as an admin and upload a malicious Backdrop ...

The challenge starts off by explaining to us how a user in an organization is tricked to opening a document from a phishing email and enables content. But the SOC team are immediately alerted of t...

LinkVortex is an easy Linux machine. The initial access is gained by finding an exposed .git directory, which contains credentials. These credentials give access to a Ghost CMS that is vulnerable t...

Challenge Overview Secure Chat Bounty is an android ctf challenge that involves exploiting an api endpoint to get the JWT token for admin. We start interacting with the application in an android ...