https://x3ric.com/blog/tags/thm/CTF notes, systems work, and writeups.Hugoen-usSat, 06 Jun 2026 21:41:13 +0200https://x3ric.com/blog/posts/TryHackMe-Brains/https://x3ric.com/blog/posts/TryHackMe-Brains/Thu, 10 Oct 2024 09:20:00 +0800machinethmlinuxcve-2024-27198Brains: use CVE-2024-27198 where it fits the service, gain a shell, and escalate to root.https://x3ric.com/blog/posts/TryHackMe-Flip-Challenge/https://x3ric.com/blog/posts/TryHackMe-Flip-Challenge/Thu, 03 Oct 2024 09:20:00 +0800challengethmcryptoaesxorFlip: abuse the AES misuse, derive the missing key material, and decrypt the flag.https://x3ric.com/blog/posts/TryHackMe-Prioritise/https://x3ric.com/blog/posts/TryHackMe-Prioritise/Thu, 03 Oct 2024 09:20:00 +0800machinethmlinuxPrioritise: enumerate the services, turn the exposed weakness into a shell, and escalate to root.https://x3ric.com/blog/posts/TryHackMe-Pyrat/https://x3ric.com/blog/posts/TryHackMe-Pyrat/Thu, 03 Oct 2024 09:20:00 +0800machinethmlinuxPyrat: enumerate the services, turn the exposed weakness into a shell, and escalate to root.https://x3ric.com/blog/posts/TryHackMe-SQHell-Challenge/https://x3ric.com/blog/posts/TryHackMe-SQHell-Challenge/Fri, 16 Aug 2024 23:20:00 +0800challengethmwebsql-injectionSQHell: exploit the SQL injection, extract the needed data, and reach the flag.https://x3ric.com/blog/posts/TryHackMe-DearQA-Challenge/https://x3ric.com/blog/posts/TryHackMe-DearQA-Challenge/Fri, 28 Jun 2024 01:20:00 +0800challengethmpwnbofformat-stringheapshellcodelinuxDearQA: shape the heap state, gain the needed write or leak, and pivot to flag access.https://x3ric.com/blog/posts/TryHackMe-Blog/https://x3ric.com/blog/posts/TryHackMe-Blog/Thu, 13 Jun 2024 03:20:00 +0800machinethmwindowslinuxwordpressBlog: abuse the WordPress foothold, stabilize the shell, and escalate through the local weakness.