Misconfiguration

HTB Headless CTF Writeup

This comprehensive document unveils a range of vulnerabilities from medium to extreme severity within the HTB Headless CTF environment. (Fig. 01: HTB Headless CTF banner image.) Executive Summary, Overview: The pentest conducted on the Headless CTF platform has uncovered multiple critical security vulnerabilities. These vulnerabilities span from blind Cross-Site Scripting (XSS) […]


Registry CTF Writeup

The challenge calls for the exploitation of various security weaknesses, including the use of default credentials, exposure of sensitive information through Docker images, and cracking of database passwords to gain unauthorized access. Additionally, it tests our ability to perform both horizontal and vertical privilege escalations by exploiting system misconfigurations and known software


Jarvis CTF Writeup

Jarvis CTF: Jarvis is a medium-level Linux challenge featuring a web server with an SQL injection vulnerability. Exploiting this leads to initial access. Privilege escalation involves executing a script as another user and exploiting an SUID bit set on systemctl to gain root access. HackTheBox: Hack The Box gives individuals, businesses and universities


SolidState CTF Writeup

Writeup presented by Behind Security as part of the Road to OSCP series, focusing on the SolidState CTF from HackTheBox. SolidState CTF: SolidState is a medium difficulty machine that requires chaining of multiple attack vectors in order to get a privileged shell. HackTheBox: Hack The Box gives individuals, businesses and universities the


Poison CTF Writeup

Writeup presented by Behind Security as part of the Road to OSCP series, focusing on the Poison CTF from HackTheBox. Poison CTF: Poison CTF is a machine which focuses mainly on log poisoning and port forwarding/tunneling. The machine is running FreeBSD which presents a few challenges for novice users as many common


An Attack Vector on Minecraft: Exploring Blocky CTF

Exploring Blocky CTF: An Attack Vector on Minecraft. This is a writeup presented by Behind Security as part of the OSCP Roadmap series, focusing on the Blocky CTF from HackTheBox. The writeup takes the form of a detailed pentest report. Blocky CTF: This challenge showcases the dangers of poor password practices and the exposure of

