Reader - Flagyard Difficulty: Easy Overview: The Reader challenge threads two complementary vulnerabilities into a compact exploit chain. On the one hand, the service exposes an arbitrary file-rea...

Lucky - Flagyard Difficulty: Easy Overview: Lucky chains a stack-reuse bug to force a local variable to attacker-controlled values, allowing bypass of safety checks. That bypass triggers an out-of...

Vulnerability anaylsis and PoC Development for CVE-2024-39930 Introduction Gogs is a lightweight and self-hosted Git service that’s simple to set up and ideal for organizations that prefer to keep...

Vulnerability anaylsis and PoC Development for CVE-2024-42471 Introduction Zip it, unzip it — and boom, you’ve got unintended file writes on your hands. In this post, we dive into a directory tra...

Vulnerability anaylsis and PoC Development for CVE-2024-12905 Introduction The tar-fs npm package is commonly used in JavaScript projects to pack and extract .tar archive files. However, a critica...

Binary Exploitation - Quack Quack Difficulty: Very Easy Overview: Basic file checks The challenge begins with a zip file that we download from the HTB website. Here’s a breakdown of its contents:...

How I Discovered Vulnerabilities in Simple Online Planning v1.53.00 Introduction Ever come across an old vulnerability and wonder, “What else could be lurking in there?” That’s exactly what happe...

Binary Exploitation - Bad Grades Difficulty: Easy Overview: This challenge presents a classic binary exploitation scenario centered on a buffer overflow vulnerability due to an out-of-bounds write...

CDNio - HackTheBox To be released soon

Etceterad - echoCTF Information Gathering And Enumeration Let’s us first start off by firing up nmap to discover open ports and running services on our target. mcsam@0x32:~/$ sudo nmap -vvv 10.0...