Bof :: X3ric Blog

Bof :: X3ric Bloghttps://x3ric.com/blog/tags/bof/CTF notes, systems work, and writeups.Hugoen-usSat, 06 Jun 2026 21:41:13 +0200HackTheBox TicTacToed Challengehttps://x3ric.com/blog/posts/HackTheBox-TicTacToed-Challenge/https://x3ric.com/blog/posts/HackTheBox-TicTacToed-Challenge/Sat, 06 Jun 2026 00:00:00 +0200challengehtbpwnbofformat-stringheapEnter the challenge flag to unlock this writeup.HackTheBox Getting Started Challengehttps://x3ric.com/blog/posts/HackTheBox-Getting-Started-Challenge/https://x3ric.com/blog/posts/HackTheBox-Getting-Started-Challenge/Thu, 12 Dec 2024 09:20:00 +0800challengehtbpwnboflinuxGetting Started: calculate the overflow offset, redirect control flow, and land a reliable flag read.HackTheBox Questionnaire Challengehttps://x3ric.com/blog/posts/HackTheBox-Questionnaire-Challenge/https://x3ric.com/blog/posts/HackTheBox-Questionnaire-Challenge/Thu, 12 Dec 2024 09:20:00 +0800challengehtbpwnbofformat-stringcanarylinuxQuestionnaire: use the format-string bug for a leak or write, then redirect execution to the flag path.HackTheBox Wizard's Diary Challengehttps://x3ric.com/blog/posts/HackTheBox-Wizards-Diary-Challenge/https://x3ric.com/blog/posts/HackTheBox-Wizards-Diary-Challenge/Thu, 12 Dec 2024 09:20:00 +0800challengehtbpwnboflinuxWizard's Diary: calculate the overflow offset, redirect control flow, and land a reliable flag read.HackTheBox El Mundo Challengehttps://x3ric.com/blog/posts/HackTheBox-El-Mundo-Challenge/https://x3ric.com/blog/posts/HackTheBox-El-Mundo-Challenge/Mon, 09 Dec 2024 09:20:00 +0800challengehtbpwnboflinuxEl Mundo: calculate the overflow offset, redirect control flow, and land a reliable flag read.HackTheBox El Pipo Challengehttps://x3ric.com/blog/posts/HackTheBox-El-Pipo-Challenge/https://x3ric.com/blog/posts/HackTheBox-El-Pipo-Challenge/Mon, 09 Dec 2024 09:20:00 +0800challengehtbpwnboflinuxEl Pipo: calculate the overflow offset, redirect control flow, and land a reliable flag read.HackTheBox Execute Challengehttps://x3ric.com/blog/posts/HackTheBox-Execute-Challenge/https://x3ric.com/blog/posts/HackTheBox-Execute-Challenge/Sat, 30 Nov 2024 09:20:00 +0800challengehtbpwnbofshellcodelinuxEnter the challenge flag to unlock this writeup.TryHackMe DearQA Challengehttps://x3ric.com/blog/posts/TryHackMe-DearQA-Challenge/https://x3ric.com/blog/posts/TryHackMe-DearQA-Challenge/Fri, 28 Jun 2024 01:20:00 +0800challengethmpwnbofformat-stringheapshellcodelinuxDearQA: shape the heap state, gain the needed write or leak, and pivot to flag access.