All Writeups

Comprehensive collection of CTF challenges, solutions, and insights.


Raptor Weekly 6 - 3lectric Igloo - Web

Three flags across a penguin colony web app. Source recon, IDOR enumeration, OS command injection through a diagnostic ping utility, and AES-CBC decryption using keys leaked from the process environment.

Raptor Weekly 2 - ECHELON Web 1 - 1.1 ; OPEN CHANNEL

Chaining HTML comment enumeration to a disallowed robots.txt entry, pivoting through an exposed staging endpoint to recover an operator username, and extracting the portal password from a JSON debug response behind a custom request header.

Raptor Weekly 2 - ECHELON Web 2 - 3.1 ; PHANTOM NODE

Identifying an anomalous node on a SECRET tier dashboard, exploiting an SSRF vulnerability in the node status endpoint via path traversal and query string termination, and reading an internal data response that seeds the next two challenges.

Raptor Weekly 4 - Club Ouroboros - Web

Chaining IDOR vulnerabilities across a five-stage nightclub API to enumerate reservations, wristbands, drink orders, and lockers. Harvesting credentials across each loop until a session identity exploit unlocks the VIP room.

Raptor Weekly 1 - OMEGA CORP Web 1 - Raptor Riot Incident Response

Chaining prompt injection against an LLM-powered incident portal to extract a diagnostic key, pivoting through SSRF to reach a hidden internal endpoint, and leveraging RCE to comb a Windows filesystem until the flag surfaces in an abandoned exploit's source code.