https://x3ric.com/blog/tags/path-traversal/CTF notes, systems work, and writeups.Hugoen-usSat, 06 Jun 2026 21:41:13 +0200https://x3ric.com/blog/posts/HackTheBox-CachedWeb-Challenge/https://x3ric.com/blog/posts/HackTheBox-CachedWeb-Challenge/Tue, 23 Sep 2025 00:20:00 +0800challengehtbwebssrfpath-traversalfile-uploadrceflaskCachedWeb: chain SSRF with path control to reach the internal target and read the flag.https://x3ric.com/blog/posts/HackTheBox-NextPath-Challenge/https://x3ric.com/blog/posts/HackTheBox-NextPath-Challenge/Thu, 12 Dec 2024 09:20:00 +0800challengehtbwebpath-traversalEnter the challenge flag to unlock this writeup.https://x3ric.com/blog/posts/HackTheBox-Jscalc-Challenge/https://x3ric.com/blog/posts/HackTheBox-Jscalc-Challenge/Sat, 30 Nov 2024 09:20:00 +0800challengehtbwebpath-traversalJscalc: use path traversal to escape the intended read path and recover the flag.https://x3ric.com/blog/posts/HackTheBox-Prying-Eyes-Challenge/https://x3ric.com/blog/posts/HackTheBox-Prying-Eyes-Challenge/Sat, 30 Nov 2024 09:20:00 +0800challengehtbwebpath-traversalfile-uploadPrying Eyes: use path traversal to escape the intended read path and recover the flag.https://x3ric.com/blog/posts/HackTheBox-TimeKORP-Challenge/https://x3ric.com/blog/posts/HackTheBox-TimeKORP-Challenge/Sat, 30 Nov 2024 09:20:00 +0800challengehtbwebpath-traversalTimeKORP: use path traversal to escape the intended read path and recover the flag.