CTF write-ups

A collection of my write-ups for various Capture the Flag challenges, mostly from TryHackMe.

TryHackMe: RabbitStore

·1537 words·8 mins
A medium TryHackMe box chaining mass assignment, SSRF, and Jinja2 SSTI to gain initial access, then escalating to root by leveraging an exposed Erlang cookie to extract credentials from a misconfigured RabbitMQ service.

TryHackMe: Hammer

·1795 words·9 mins
A medium-rated PHP web app challenge chaining exposed logs, OTP brute force via rate-limit bypass, and JWT forgery to achieve remote command execution.

TryHackMe: Include

·1825 words·9 mins
Medium-difficulty web challenge focusing on server-side vulnerabilities.

TryHackMe: K2-Summit

·2471 words·12 mins
Hard Active Directory box: leverage credential reuse for initial access, identify a privileged user via BloodHound, hijack a scheduled script for lateral movement, then perform an RBCD attack to compromise the root domain controller.

TryHackMe: K2-MiddleCamp

·2615 words·13 mins
Hard Active Directory environment consisting of enumeration, credential spraying, BloodHound analysis, and privilege escalation via the Backup Operators group.

TryHackMe: K2-BaseCamp

·3094 words·15 mins
Hard Linux box including web enumeration, vhost discovery, JWT token manipulation, SQL injection, and Linux privilege escalation.

TryHackMe: AVenger

·3027 words·15 mins
Medium-difficulty Active Directory box focusing on web enumeration, file upload abuse, AV evasion, and UAC bypass.

TryHackMe: Reset

·1845 words·9 mins
A hard Active Directory compromise that chained weak credential hygiene, SMB guest access, password spraying, AS-REP roasting, and registry credential leaks into a full BloodHound-guided escalation, ultimately abusing Kerberos delegation (RBCD) to impersonate Administrator and achieve domain compromise.

TryHackMe: Injectics

·1629 words·8 mins
A medium difficulty web exploitation chain where exposed admin interfaces, logic flaws, and SQL injection were leveraged to reset credentials, ultimately escalating to admin access and achieving RCE via a vulnerable Twig SSTI.

TryHackMe: LookBack

·644 words·4 mins
Easy Active Directory box exploiting misconfigured OWA

TryHackMe: Stealth

·603 words·3 mins
Medium difficulty defense evasion box featuring a scheduled task privilege escalation vector

TryHackMe: Ledger

·1706 words·9 mins
Hard Active Directory box exploiting anonymous LDAP access and AD CS ESC1 misconfiguration