CTF Writeups
HTB Knife: PHP 8.1.0-dev Supply Chain Backdoor RCE to Root
Exploiting the PHP 8.1.0-dev supply chain backdoor via User-Agentt header for RCE, then root through knife binary sudo privilege on Linux.
Apache ActiveMQ CVE-2023-46604 deserialization RCE for initial shell, then root via nginx sudo misconfiguration allowing config overwrite.
Discovering phpbash webshell on Apache, lateral movement to scriptmanager user, then root access by abusing a Python cron job on Linux.
Raspberry Pi default credentials on a Pi-hole device for initial access, then recovering the deleted root flag from a USB drive using Linux forensics.
Shellshock (CVE-2014-6271) exploitation through CGI-bin scripts for remote command execution, then root via Perl sudo privilege escalation.
Directory brute-forcing a pfSense firewall to discover admin credentials, then exploiting CVE-2014-4688 for remote command execution as root.