tag

Htb

373 posts
pwn

Regularity

Linux

Regularity: build the exploit primitive, stabilize the payload, and use it to read the flag.

pwn

SpellBrewery

Linux

SpellBrewery: build the exploit primitive, stabilize the payload, and use it to read the flag.

hardware

yoU ART

Firmware+1

yoU ART: decode the captured signal, map the bitstream, and recover the flag.

machinemachine

Administrator

Windows+4

Administrator: enumerate the AD surface, abuse the exposed credential or delegation path, and escalate to Administrator.

crypto

Binary Basis

Binary Basis: model the crypto leak, recover the missing secret, and decrypt the flag.

crypto

Brevi Moduli

RSA+1

Brevi Moduli: turn the RSA leak into a lattice recovery, rebuild the secret values, and decrypt the flag.

crypto

Hybrid Unifier

AES+1

Hybrid Unifier: abuse the AES misuse, derive the missing key material, and decrypt the flag.

crypto

Inizialization

AES+1

Inizialization: abuse the AES misuse, derive the missing key material, and decrypt the flag.

crypto

Read Before You Sign

Read Before You Sign: model the crypto leak, recover the missing secret, and decrypt the flag.

crypto

Sekur Julius

PRNG

Sekur Julius: reconstruct the PRNG state from the leak, replay it, and recover the flag.

crypto

SPG

AES+2

SPG: reconstruct the generator state, derive the AES material, and decrypt the final ciphertext.

crypto

Sugar Free Candies

Sugar Free Candies: model the crypto leak, recover the missing secret, and decrypt the flag.

machinemachine

Certified

Windows+4

Certified: enumerate the AD surface, abuse the exposed credential or delegation path, and escalate to Administrator.

web

Feedback Flux

XSS+1

Feedback Flux: use the client-side injection path to steal the needed proof and recover the flag.

machinemachine

Blazorized

Windows+4

Blazorized: enumerate the AD surface, abuse the exposed credential or delegation path, and escalate to Administrator.

machinemachine

Epsilon

Linux

Epsilon: enumerate the services, turn the exposed weakness into a shell, and escalate to root.

crypto

Secure Singning

Xor+1

Secure Singning: derive the XOR key stream, invert the transform, and recover the flag.

rev

Shattered Tablet

Ghidra+1

Shattered Tablet: trace the binary, isolate the validation routine, and invert it to recover the flag.

machinemachine

Mist

Windows+5

Mist: enumerate the AD surface, abuse the exposed credential or delegation path, and escalate to Administrator.

machinemachine

Axlle

Windows+5

Axlle: enumerate the AD surface, abuse the exposed credential or delegation path, and escalate to Administrator.

machinemachine

Beep

Linux

Beep: use CVE-2012-4869 where it fits the service, gain a shell, and escalate to root.

machinemachine

MagicGardens

Linux+1

MagicGardens: turn the exposed service into a shell, pivot through the container boundary, and escalate to root.