Rce :: X3ric Blog

Rce :: X3ric Bloghttps://x3ric.com/blog/tags/rce/CTF notes, systems work, and writeups.Hugoen-usSat, 06 Jun 2026 21:41:13 +0200HackTheBox CachedWeb Challengehttps://x3ric.com/blog/posts/HackTheBox-CachedWeb-Challenge/https://x3ric.com/blog/posts/HackTheBox-CachedWeb-Challenge/Tue, 23 Sep 2025 00:20:00 +0800challengehtbwebssrfpath-traversalfile-uploadrceflaskCachedWeb: chain SSRF with path control to reach the internal target and read the flag.HackTheBox Amidst Us Challengehttps://x3ric.com/blog/posts/HackTheBox-Amidst-Us-Challenge/https://x3ric.com/blog/posts/HackTheBox-Amidst-Us-Challenge/Fri, 28 Feb 2025 00:20:00 +0800challengehtbwebrceAmidst Us: find the command execution path, trigger it cleanly, and read the flag.HackTheBox Letter Dispair Challengehttps://x3ric.com/blog/posts/HackTheBox-Letter-Dispair-Challenge/https://x3ric.com/blog/posts/HackTheBox-Letter-Dispair-Challenge/Fri, 28 Feb 2025 00:20:00 +0800challengehtbwebrcephpcve-2016-10045Letter Dispair: find the command execution path, trigger it cleanly, and read the flag.HackTheBox Interstellar Challengehttps://x3ric.com/blog/posts/HackTheBox-Interstellar-Challenge/https://x3ric.com/blog/posts/HackTheBox-Interstellar-Challenge/Fri, 24 Jan 2025 00:20:00 +0800challengehtbwebsql-injectionssrfrcephpEnter the challenge flag to unlock this writeup.HackTheBox Breathtaking View Challengehttps://x3ric.com/blog/posts/HackTheBox-Breathtaking-View-Challenge/https://x3ric.com/blog/posts/HackTheBox-Breathtaking-View-Challenge/Thu, 12 Dec 2024 09:20:00 +0800challengehtbwebtemplate-injectionrceEnter the challenge flag to unlock this writeup.HackTheBox Pentest Notes Challengehttps://x3ric.com/blog/posts/HackTheBox-Pentest-Notes-Challenge/https://x3ric.com/blog/posts/HackTheBox-Pentest-Notes-Challenge/Thu, 12 Dec 2024 09:20:00 +0800challengehtbwebsql-injectionrceEnter the challenge flag to unlock this writeup.HackTheBox ScreenCrack Challengehttps://x3ric.com/blog/posts/HackTheBox-ScreenCrack-Challenge/https://x3ric.com/blog/posts/HackTheBox-ScreenCrack-Challenge/Tue, 03 Dec 2024 09:20:00 +0800challengehtbwebssrfrcephpEnter the challenge flag to unlock this writeup.HackTheBox C.O.P Challengehttps://x3ric.com/blog/posts/HackTheBox-C.O.P-Challenge/https://x3ric.com/blog/posts/HackTheBox-C.O.P-Challenge/Sat, 30 Nov 2024 09:20:00 +0800challengehtbwebsql-injectiondeserializationrceC.O.P: exploit the SQL injection, extract the needed data, and reach the flag.HackTheBox Toxic Challengehttps://x3ric.com/blog/posts/HackTheBox-Toxic-Challenge/https://x3ric.com/blog/posts/HackTheBox-Toxic-Challenge/Sat, 30 Nov 2024 09:20:00 +0800challengehtbwebdeserializationrcephpToxic: abuse unsafe deserialization to cross the trust boundary and reach the flag.