HTB Hospital CTF Writeup This penetration testing report provides a detailed analysis of the security posture of HTB Hospital CTF IT infrastructure, highlighting various vulnerabilities identified during the assessment process. The findings within this document reveal critical security flaws ranging from file upload restrictions bypasses to privilege escalation and web server takeover, which could potentially […]
Jarvis CTF Writeup Jarvis CTF Jarvis is a medium-level Linux challenge featuring a web server with SQL injection vulnerability. Exploiting this leads to initial access. Privilege escalation involves executing a script as another user and exploiting an SUID bit set on systemctl to gain root access. HackTheBox Hack The Box gives individuals, businesses and universities
Haircut CTF Writeup Writeup presented by Behind Security as part of the Road to OSCP series, focusing on the Haircut CTF from HackTheBox. Haircut CTF Haircut CTF touches on several useful attack vectors. Most notably, this machine demonstrates the risk of user-specified CURL arguments, which still impacts many active services today. HackTheBox Hack The Box
SolidState CTF Writeup Writeup presented by Behind Security as part of the Road to OSCP series, focusing on the SolidState CTF from HackTheBox. SolidState CTF SolidState is a medium difficulty machine that requires chaining of multiple attack vectors in order to get a privileged shell. HackTheBox Hack The Box gives individuals, businesses and universities the
Poison CTF Writeup Writeup presented by Behind Security as part of the Road to OSCP series, focusing on the Poison CTF from HackTheBox. Poison CTF Poison CTF is a machine which focuses mainly on log poisoning and port forwarding/tunneling. The machine is running FreeBSD which presents a few challenges for novice users as many common
Cronos CTF Writeup This is a writeup presented by Behind Security as part of the Road to OSCP series, focusing on the Cronos CTF from HackTheBox. Cronos CTF Cronos CTF focuses mainly on different vectors for enumeration and also emphasizes the risks associated with adding world-writable files to the root crontab. HackTheBox Hack The Box
Popcorn CTF Writeup This is a writeup presented by Behind Security as part of the Road to OSCP series, focusing on the Popcorn CTF from HackTheBox. Popcorn CTF Popcorn, while not overly complicated, contains quite a bit of content and it can be difficult for some users to locate the proper attack vector at first.
Hawk CTF Writeup This is a writeup presented by Behind Security as part of the Road to OSCP series, focusing on the Hawk CTF from HackTheBox. The writeup takes the form of a detailed pentest report. Hawk CTF Hawk CTF is a medium to hard difficulty machine, which provides excellent practice in pentesting Drupal. The
