HackTheBox – Paper Write-up

Hi everyone! Today’s write-up is on Paper, an easy Linux machine from HackTheBox. This machine requires us to enumerate the HTTP response header to discover the domain name, enumerate the version of WordPress for a vulnerability, and a specific comment in a post before having the knowledge to exploit the vulnerability to read secret content […]

picoCTF 2022 Write-up (Web Exploitation)

Hi everyone! This post is on picoCTF 2022 write-up for web exploitation that was held from 16th March 2022 to 30th Mar 2022. It covers the basics of analyzing the client source codes, path traversal, robots.txt, modifying cookies, directory fuzzing, and SQL injection. Let’s get started! 1. Includes Below shows the main page of the […]

picoCTF 2022 Write-up (Binary Exploitation)

Hi everyone! This post is on picoCTF 2022 write-up for binary exploitation that was held from 16th March 2022 to 30th Mar 2022. In this CTF, there are buffer overflow, on stack shellcode execution, format string attack, function overwrite, C programming array out of bound (OOB) arbilitary write, stack cache, and vulnerable string check. Let’s […]

CTF.SG CTF 2022 Write-up

Hi everyone! Today’s write-up is on CTF.SG 2022. It is a 24 hours CTF hosted over the weekend (12-13/3/2022) with many different categories such as Sanity, Web, Pwn, Cryptography, Reverse Engineering, and Misc. I did not have time to solve many challenges as I needed my sleep. This CTF definitely isn’t easy, especially for reverse […]

TryHackMe – Post-Exploitation Basics Write-up

1. Introduction This challenge on TryHackMe (THM) will only be covering on the basics of what we usually do after gaining access to a machine that is in an Active Directory (AD) network. Enumeration via Powerview and Bloodhound will be done along with dumping password hashes and Golden ticket using Mimikatz. Further information gathering will […]