https://introvertedbytes.com/categories/ctf-write-ups/Recent content in CTF Write-Ups on Introverted BytesHugo -- gohugo.ioen© 2026 Kasyap GirijanSat, 06 Dec 2025 20:30:00 +0530https://introvertedbytes.com/security/ctf-write-ups/hack-the-box/editor/Sat, 06 Dec 2025 20:30:00 +0530https://introvertedbytes.com/security/ctf-write-ups/hack-the-box/editor/A walkthrough for the “Editor” machine on Hack The Box, detailing the exploitation of XWiki RCE (CVE-2025-24893) and leveraging a Netdata ndsudo vulnerability (CVE-2024-32019) for root privilege escalation.https://introvertedbytes.com/security/ctf-write-ups/hack-the-box/boardlight/Fri, 27 Sep 2024 23:00:00 +0530https://introvertedbytes.com/security/ctf-write-ups/hack-the-box/boardlight/A walkthrough for the “BoardLight” machine on Hack The Box, detailing the steps taken to compromise the target.https://introvertedbytes.com/security/ctf-write-ups/hack-the-box/devvortex/Sat, 27 Apr 2024 21:00:00 +0530https://introvertedbytes.com/security/ctf-write-ups/hack-the-box/devvortex/A solution guide for the “Devvortex” challenge on Hack The Box, covering the exploitation path from user to root.https://introvertedbytes.com/security/ctf-write-ups/hack-the-box/codify/Sat, 06 Apr 2024 23:00:00 +0530https://introvertedbytes.com/security/ctf-write-ups/hack-the-box/codify/A step-by-step writeup for the “Codify” box on Hack The Box, demonstrating the vulnerabilities exploited to gain access.https://introvertedbytes.com/security/ctf-write-ups/hack-the-box/analytics/Sat, 23 Mar 2024 23:00:00 +0530https://introvertedbytes.com/security/ctf-write-ups/hack-the-box/analytics/A walkthrough for the “Analytics” machine on Hack The Box, demonstrating how to exploit a Metabase Pre-auth RCE (CVE-2023-38646) and leverage the “GameOverlay” kernel vulnerability to gain root access.https://introvertedbytes.com/security/ctf-write-ups/hack-the-box/manager/Sat, 16 Mar 2024 23:00:00 +0530https://introvertedbytes.com/security/ctf-write-ups/hack-the-box/manager/A walkthrough for the “Manager” machine on Hack The Box, covering RID cycling and password spraying against MSSQL, retrieving credentials via xp_dirtree, and exploiting AD CS ESC7 to escalate privileges to Domain Admin.https://introvertedbytes.com/security/ctf-write-ups/hack-the-box/builder/Fri, 15 Mar 2024 23:00:00 +0530https://introvertedbytes.com/security/ctf-write-ups/hack-the-box/builder/A walkthrough for the “Builder” machine on Hack The Box, demonstrating the exploitation of a Jenkins arbitrary file read vulnerability (CVE-2024-23897) to retrieve credentials and the decryption of stored SSH keys via the Script Console for privilege escalation.https://introvertedbytes.com/security/ctf-write-ups/hack-the-box/crazyhosting/Sat, 02 Mar 2024 23:00:00 +0530https://introvertedbytes.com/security/ctf-write-ups/hack-the-box/crazyhosting/A guide for the “CrazyHosting” machine on Hack The Box, covering how to hijack a user session via exposed Spring Boot Actuator endpoints, achieve command injection for a reverse shell, and escalate privileges using SSH configuration vulnerabilities.https://introvertedbytes.com/security/ctf-write-ups/hack-the-box/keeper/Sat, 10 Feb 2024 00:00:00 +0530https://introvertedbytes.com/security/ctf-write-ups/hack-the-box/keeper/A walkthrough for the “Keeper” machine on Hack The Box, covering default credential exploitation in Request Tracker, extracting a KeePass master password from a memory dump, and converting PuTTY keys to gain root access.https://introvertedbytes.com/security/ctf-write-ups/hack-the-box/broker/Fri, 02 Feb 2024 23:00:00 +0530https://introvertedbytes.com/security/ctf-write-ups/hack-the-box/broker/A walkthrough for the “Broker” machine on Hack The Box, detailing the exploitation of Apache ActiveMQ (CVE-2023-46604) and privilege escalation via a custom Nginx configuration to gain root access.