Walkthroughs of Capture The Flag challenges covering web exploitation, privilege escalation, forensics, network attacks, and more.
No writeups match your filters.
Try adjusting your search or hit RESET ALL.
FTP anonymous login exposes a credential list which is used to brute force a hidden login page discovered via directory busting.
READ WRITEUP WEB / SQL INJECTIONClassic SQL injection login bypass using MySQL comment syntax to authenticate as admin without a valid password.
READ WRITEUP DATABASE / ENUMERATIONUnauthenticated MySQL access allows direct database enumeration — flag retrieved via basic SQL queries against the htb database.
READ WRITEUP NETWORK / ENUMERATIONSMB anonymous access to a file share exposes user directories — flag retrieved by navigating and downloading from an accessible share.
READ WRITEUP