Redcross has a bit of everything: Cross-Site Scripting, a little bit of SQL injection, reviewing C source code to find a command injection vulnerability, light exploit modification and enumeration.
linux xss sqli command injection pgsql cve nssThis is the writeup for Vault, a machine with pivoting across different network segments.
linux php openvpn firewall pivoting gpgThis is the writeup for Curling, a pretty easy box with Joomla running. We can log in after doing basic recon and some educated guessing of the password.
joomla ctf cron php easyThis is the writeup for Frolic, a CTF-like machine with esoteric programming languages and a nice priv esc that requires binary exploitation.
metasploit esoteric language ctf rop buffer overflow binary exploitationThis is the writeup for Carrier, a Linux machine I created for Hack the Box requiring some networking knowledge to perform MITM with BGP prefix hijacking.
networking lxc containers bgp command injection php snmp mitmThis is the writeup for Ethereal, a very difficult Windows machine that I solved using the unintented rotten potato method before the box was patched by the HTB staff.
ms-dos dns exfiltration command injection rotten potato unintended efsThis is the writeup for Access, a Windows machine involving some enumeration of an Access DB, an Outlook PST and a priv esc using Windows Credential Manager.
telnet windows access outlook credential managerThis is the writeup for Zipper, a Linux box running the Zabbix network monitoring software inside a docker container.
linux zabbix api suidThis is the writeup for Giddy, a Windows machine with an interesting twist on SQL injection, PowerShell Web Access and a priv exploiting improper permissions.
sqli powershellThis is the writeup for Ypuffy, an OpenBSD machine from Hack the Box involving a somewhat easy shell access followed by a privesc using CA signed SSH keys.
openbsd ssh pass-the-hash ldap ca