Pwn :: X3ric Blog

Pwn :: X3ric Bloghttps://x3ric.com/blog/tags/pwn/CTF notes, systems work, and writeups.Hugoen-usSat, 06 Jun 2026 21:41:13 +0200HackTheBox TicTacToed Challengehttps://x3ric.com/blog/posts/HackTheBox-TicTacToed-Challenge/https://x3ric.com/blog/posts/HackTheBox-TicTacToed-Challenge/Sat, 06 Jun 2026 00:00:00 +0200challengehtbpwnbofformat-stringheapEnter the challenge flag to unlock this writeup.Binary Exploitationhttps://x3ric.com/blog/posts/Binary-Exploitation/https://x3ric.com/blog/posts/Binary-Exploitation/Tue, 04 Feb 2025 04:10:00 +0800notesnoteslinuxpwnAssembly Overview Assembly language is a low-level programming language that translates high-level code into machine instructions. Registers temporarily hold data and facilitate operations.HackTheBox Rebuilding Challengehttps://x3ric.com/blog/posts/HackTheBox-Rebuilding-Challenge/https://x3ric.com/blog/posts/HackTheBox-Rebuilding-Challenge/Thu, 23 Jan 2025 09:20:00 +0800challengehtbpwnlinuxRebuilding: build the exploit primitive, stabilize the payload, and use it to read the flag.HackTheBox Under the web Challengehttps://x3ric.com/blog/posts/HackTheBox-Under-the-web-Challenge/https://x3ric.com/blog/posts/HackTheBox-Under-the-web-Challenge/Sat, 11 Jan 2025 09:20:00 +0800challengehtbpwnlinuxEnter the challenge flag to unlock this writeup.HackTheBox Vault-breaker Challengehttps://x3ric.com/blog/posts/HackTheBox-Vault-breaker-Challenge/https://x3ric.com/blog/posts/HackTheBox-Vault-breaker-Challenge/Tue, 17 Dec 2024 09:20:00 +0800challengehtbpwnlinuxVault-breaker: build the exploit primitive, stabilize the payload, and use it to read the flag.HackTheBox Getting Started Challengehttps://x3ric.com/blog/posts/HackTheBox-Getting-Started-Challenge/https://x3ric.com/blog/posts/HackTheBox-Getting-Started-Challenge/Thu, 12 Dec 2024 09:20:00 +0800challengehtbpwnboflinuxGetting Started: calculate the overflow offset, redirect control flow, and land a reliable flag read.HackTheBox Questionnaire Challengehttps://x3ric.com/blog/posts/HackTheBox-Questionnaire-Challenge/https://x3ric.com/blog/posts/HackTheBox-Questionnaire-Challenge/Thu, 12 Dec 2024 09:20:00 +0800challengehtbpwnbofformat-stringcanarylinuxQuestionnaire: use the format-string bug for a leak or write, then redirect execution to the flag path.HackTheBox Space Pirate Going Deeper Challengehttps://x3ric.com/blog/posts/HackTheBox-Space-Pirate-Going-Deeper-Challenge/https://x3ric.com/blog/posts/HackTheBox-Space-Pirate-Going-Deeper-Challenge/Thu, 12 Dec 2024 09:20:00 +0800challengehtbpwnlinuxSpace Pirate Going Deeper: build the exploit primitive, stabilize the payload, and use it to read the flag.HackTheBox Wizard's Diary Challengehttps://x3ric.com/blog/posts/HackTheBox-Wizards-Diary-Challenge/https://x3ric.com/blog/posts/HackTheBox-Wizards-Diary-Challenge/Thu, 12 Dec 2024 09:20:00 +0800challengehtbpwnboflinuxWizard's Diary: calculate the overflow offset, redirect control flow, and land a reliable flag read.HackTheBox Writing on the Wall Challengehttps://x3ric.com/blog/posts/HackTheBox-Writing-on-the-Wall-Challenge/https://x3ric.com/blog/posts/HackTheBox-Writing-on-the-Wall-Challenge/Thu, 12 Dec 2024 09:20:00 +0800challengehtbpwnlinuxWriting on the Wall: build the exploit primitive, stabilize the payload, and use it to read the flag.HackTheBox Entity Challengehttps://x3ric.com/blog/posts/HackTheBox-Entity-Challenge/https://x3ric.com/blog/posts/HackTheBox-Entity-Challenge/Wed, 11 Dec 2024 09:20:00 +0800challengehtbpwnlinuxEntity: build the exploit primitive, stabilize the payload, and use it to read the flag.HackTheBox Pixel Audio Challengehttps://x3ric.com/blog/posts/HackTheBox-Pixel-Audio-Challenge/https://x3ric.com/blog/posts/HackTheBox-Pixel-Audio-Challenge/Wed, 11 Dec 2024 09:20:00 +0800challengehtbpwnlinuxPixel Audio: build the exploit primitive, stabilize the payload, and use it to read the flag.HackTheBox RaceCar Challengehttps://x3ric.com/blog/posts/HackTheBox-RaceCar-Challenge/https://x3ric.com/blog/posts/HackTheBox-RaceCar-Challenge/Wed, 11 Dec 2024 09:20:00 +0800challengehtbpwnformat-stringlinuxRaceCar: use the format-string bug for a leak or write, then redirect execution to the flag path.HackTheBox El Mundo Challengehttps://x3ric.com/blog/posts/HackTheBox-El-Mundo-Challenge/https://x3ric.com/blog/posts/HackTheBox-El-Mundo-Challenge/Mon, 09 Dec 2024 09:20:00 +0800challengehtbpwnboflinuxEl Mundo: calculate the overflow offset, redirect control flow, and land a reliable flag read.HackTheBox El Pipo Challengehttps://x3ric.com/blog/posts/HackTheBox-El-Pipo-Challenge/https://x3ric.com/blog/posts/HackTheBox-El-Pipo-Challenge/Mon, 09 Dec 2024 09:20:00 +0800challengehtbpwnboflinuxEl Pipo: calculate the overflow offset, redirect control flow, and land a reliable flag read.HackTheBox Kernel Adventures 2 Challengehttps://x3ric.com/blog/posts/HackTheBox-Kernel-Adventures-2-Challenge/https://x3ric.com/blog/posts/HackTheBox-Kernel-Adventures-2-Challenge/Tue, 03 Dec 2024 09:20:00 +0800challengehtbpwnshellcodelinuxKernel Adventures 2: build the shellcode path, control execution, and read the flag.HackTheBox Execute Challengehttps://x3ric.com/blog/posts/HackTheBox-Execute-Challenge/https://x3ric.com/blog/posts/HackTheBox-Execute-Challenge/Sat, 30 Nov 2024 09:20:00 +0800challengehtbpwnbofshellcodelinuxEnter the challenge flag to unlock this writeup.HackTheBox El Teteo Challengehttps://x3ric.com/blog/posts/HackTheBox-El-Teteo-Challenge/https://x3ric.com/blog/posts/HackTheBox-El-Teteo-Challenge/Sat, 23 Nov 2024 09:20:00 +0800challengehtbpwnshellcodelinuxEl Teteo: build the shellcode path, control execution, and read the flag.HackTheBox Mathematricks Challengehttps://x3ric.com/blog/posts/HackTheBox-Mathematricks-Challenge/https://x3ric.com/blog/posts/HackTheBox-Mathematricks-Challenge/Sat, 23 Nov 2024 09:20:00 +0800challengehtbpwnlinuxMathematricks: build the exploit primitive, stabilize the payload, and use it to read the flag.HackTheBox Que Onda Challengehttps://x3ric.com/blog/posts/HackTheBox-Que-Onda-Challenge/https://x3ric.com/blog/posts/HackTheBox-Que-Onda-Challenge/Sat, 23 Nov 2024 09:20:00 +0800challengehtbpwnlinuxQue Onda: build the exploit primitive, stabilize the payload, and use it to read the flag.HackTheBox Regularity Challengehttps://x3ric.com/blog/posts/HackTheBox-Regularity-Challenge/https://x3ric.com/blog/posts/HackTheBox-Regularity-Challenge/Sat, 23 Nov 2024 09:20:00 +0800challengehtbpwnlinuxRegularity: build the exploit primitive, stabilize the payload, and use it to read the flag.HackTheBox SpellBrewery Challengehttps://x3ric.com/blog/posts/HackTheBox-SpellBrewery-Challenge/https://x3ric.com/blog/posts/HackTheBox-SpellBrewery-Challenge/Sat, 23 Nov 2024 09:20:00 +0800challengehtbpwnlinuxSpellBrewery: build the exploit primitive, stabilize the payload, and use it to read the flag.TryHackMe DearQA Challengehttps://x3ric.com/blog/posts/TryHackMe-DearQA-Challenge/https://x3ric.com/blog/posts/TryHackMe-DearQA-Challenge/Fri, 28 Jun 2024 01:20:00 +0800challengethmpwnbofformat-stringheapshellcodelinuxDearQA: shape the heap state, gain the needed write or leak, and pivot to flag access.