My solutions, methodology, and notes from CTF competitions, HackTheBox, and TryHackMe
I document everything I learn. These writeups are my field notes.
writeups/
├── hackthebox/ # HackTheBox machine writeups
├── tryhackme/ # TryHackMe room writeups
└── ctftime/ # CTF competition writeups
Each writeup covers:
- Enumeration — what I found and how
- Foothold — initial access method
- Privilege Escalation — how I got root/SYSTEM
- Key Lessons — what I learned from this box
Writeups added after machines retire (to respect HTB rules).
| Machine | OS | Difficulty | Tags |
|---|---|---|---|
| (coming soon) |
| Room | OS | Difficulty | Tags |
|---|---|---|---|
| Blue | Windows | Easy | eternalblue ms17-010 metasploit |
| RootMe | Linux | Easy | file-upload filter-bypass suid |
| Kenobi | Linux | Easy | smb proftpd nfs path-hijacking |
| Bounty Hacker | Linux | Easy | ftp hydra sudo tar |
| Simple CTF | Linux | Easy | sqli cms sudo vim |
| Pickle Rick | Linux | Easy | web rce sudo |
| Agent Sudo | Linux | Easy | steganography hydra cve-2019-14287 |
| Event | Year | Category | Challenge |
|---|---|---|---|
| (coming soon) |
Every box I do follows the same methodology:
- Recon — Nmap full port scan, service enumeration
- Web — Directory brute force, tech fingerprinting, manual testing
- Exploit — Research CVEs, test exploits, custom scripts if needed
- Post-Exploit — Local enum, privesc vectors, root/SYSTEM
- Document — Write up everything, including dead ends
Tools I use on every engagement:
# Wordlists
/usr/share/wordlists/rockyou.txt
/usr/share/wordlists/SecLists/
# Recon
nmap, gobuster, ffuf, feroxbuster
# Exploitation
metasploit, searchsploit, burpsuite
# Privesc
linpeas.sh, winpeas.exe, pspy64
# AD
bloodhound, impacket, crackmapexec