CTF Writeups
HTB Keeper Writeup: How a Danish Dessert Unlocked Root Access
Request Tracker default credentials for initial access, then KeePass crash dump memory analysis (CVE-2023-32784) to extract the root SSH key.
Articles
CTF Writeups
HTB Knife: PHP 8.1.0-dev Supply Chain Backdoor RCE to Root
Exploiting the PHP 8.1.0-dev supply chain backdoor via User-Agentt header for RCE, then root through knife binary sudo privilege on Linux.
CTF Writeups
HTB Broker Writeup
Apache ActiveMQ CVE-2023-46604 deserialization RCE for initial shell, then root via nginx sudo misconfiguration allowing config overwrite.
CTF Writeups
HTB Bashed Writeup: From phpbash WebShell to Root via Cron Job Abuse
Discovering phpbash webshell on Apache, lateral movement to scriptmanager user, then root access by abusing a Python cron job on Linux.
CTF Writeups
HTB Mirai: Default Creds, Pi-hole & USB Forensics
Raspberry Pi default credentials on a Pi-hole device for initial access, then recovering the deleted root flag from a USB drive using Linux forensics.
CTF Writeups
HTB Shocker: RCE via CGI-bin + Perl Privesc
Shellshock (CVE-2014-6271) exploitation through CGI-bin scripts for remote command execution, then root via Perl sudo privilege escalation.