CTF write-ups
Hack The Box, Proving Grounds, TryHackMe, and other CTF-style walkthroughs.
PG • CTF • Access • Write-Up
Published: at 12:36 PMProving Grounds CTF - Access. File upload vulnerability, Kerberoasting, and SeManageVolumePrivilege abuse.
PG • CTF • Heist • Write-Up
Published: at 12:36 PMProving Grounds Heist write-up: turn a URL feature into SSRF, capture an NTLMv2 hash with Responder, abuse a gMSA password reader and finish with SeRestorePrivilege.
PG • CTF • Hutch • Write-Up
Published: at 12:36 PMProving Grounds Hutch write-up: from LDAP user discovery to abusing WebDAV uploads for ASPX RCE, and finally using LAPS to read back the local Administrator password.
PG • CTF • Nagoya • Write-Up
Published: at 12:36 PMProving Grounds CTF - Nagoya. SMB enumeration, Kerberoasting, MSSQL enumeration, Silver Ticket, and token abuse.