CTF WriteUps

Solved CTFs

TryHackMe — Silver Platter

Web exploitation | Misconfiguration | Privilege escalation

Enumerated exposed services, leveraged weak file permissions and a misconfigured web app to obtain a foothold, then escalated via a writable service script.


TryHackMe — Advent of Cyber 2024

Mixed challenges | Web | Forensics | Crypto

Daily challenge summaries including methodology, key commands, and flags. Focus on practical techniques across web, forensics, and basic cryptography.


TryHackMe — API Wizards Breach

API security | Auth | Injection

Mapped endpoints with documentation fuzzing, then exploited authentication flaws and parameter tampering to extract sensitive data. Mitigations and secure patterns provided.


TryHackMe — Publisher

CMS | RCE | File upload

Abused a CMS plugin upload to achieve code execution, pivoted to system access, and captured flags. Includes enumeration checklists and detection notes.


TryHackMe — MR Robot CTF

Linux | WordPress | Enumeration

Discovered WordPress credentials via a dictionary attack, reused them for lateral movement, and escalated via vulnerable service binaries.


TryHackMe — Lo‑Fi

Web | Enumeration | Logic flaws

Identified hidden endpoints and weak access controls, chained minor logic issues to extract secrets and escalate access.


TryHackMe — The Sticker Shop

Web | IDOR | Session

Abused insecure direct object references and weak session handling to access protected resources. Includes remediation guidelines.


TryHackMe — Pickle Rick

Linux | Sudo | Enumeration

Enumerated the web app for credentials, then leveraged sudo misconfigurations to root the host. Clear, step-by-step methodology with commands.
