Thm :: X3ric Blog

machinemachine

Brains

2024-10-10

Brains: use CVE-2024-27198 where it fits the service, gain a shell, and escalate to root.

crypto

2024-10-03

Flip: abuse the AES misuse, derive the missing key material, and decrypt the flag.

machinemachine

2024-10-03

Prioritise: enumerate the services, turn the exposed weakness into a shell, and escalate to root.

machinemachine

2024-10-03

Pyrat: enumerate the services, turn the exposed weakness into a shell, and escalate to root.

web

2024-08-16

SQHell: exploit the SQL injection, extract the needed data, and reach the flag.

pwn

2024-06-28

DearQA: shape the heap state, gain the needed write or leak, and pivot to flag access.

machinemachine

2024-06-13

Blog: abuse the WordPress foothold, stabilize the shell, and escalate through the local weakness.