Netmon is an Easy Windows box featuring PRTG Network Monitor. Initial access gained through anonymous FTP, revealing sensitive configuration files. Credentials recovered from backup files enabled a...

We joined CYNX CTF 2026 and solved challenges from both Boot2Root and Web categories. This writeup includes exploiting react2shell and a vulnerable n8n instance, both leading to remote code executi...

Exploited an outdated HTTP file server to gain initial access, then used a Windows kernel vulnerability to escalate privileges from standard user to SYSTEM. Multiple exploitation methods demonstrat...

This challenge involved exploiting Kubernetes misconfigurations to capture 3 flags. The web app had a command injection vulnerability allowing RCE, and we used the pre-installed kubectl binary to n...

My second Windows box on HTB, which deepened my understanding of Windows privilege escalation techniques. Learning how Churrasco exploits SeImpersonatePrivilege to steal SYSTEM tokens (like stealin...

This was my first Windows machine on HTB, building foundational knowledge of Windows exploitation. The key learning was bypassing WebDAV file upload restrictions using the PUT → MOVE technique to u...

This is an easy Windows machine with Apache Tomcat running on port 8080. Default and weak credentials allow access to the Tomcat Manager. By uploading a simple WAR reverse shell, we get a system-le...

This CTF focused heavily on digital forensics, malware analysis, incident response, and reverse engineering. The challenges involved analyzing compromised systems, memory dumps, malicious documents...

I will update more on some other challenges i solved which in misc, forensic and osint category! (edited: Change my mind, maybe there wont be any updates for other challenges…) Web Agent Jonathan...

SherpaCTF 2025 was an offline CTF competition where we received an .ova file containing a virtual machine. The challenge was unique - no digital notes were allowed during the competition. However, ...