All Writeups

Comprehensive collection of CTF challenges, solutions, and insights.

Filter by category:
All Web (16) Meta (3) Reverse Engineering (9) Crypto (15) JWT (5) Forensics (7) Network (12) Misc (7) Pentest (1)

Filter by tag:
All Tags Raptor-Weekly (14) ctf (3) retrospective (3) overview (3) ECHELON (12) DEADROP (37) WHAMazon! (23) pcap (13) base64 (10) network (10)
2026-04-27 Web Medium

Raptor Weekly 1 - OMEGA CORP Web 1 - Raptor Riot Incident Response

Chaining prompt injection against an LLM-powered incident portal to extract a diagnostic key, pivoting through SSRF to reach a hidden internal endpoint, and leveraging RCE to comb a Windows filesystem until the flag surfaces in an abandoned exploit's source code.

source-review prompt-injection llm-security ssrf
2026-03-01 Web Insane

DEADROP Web 6 - weather.control.deadrop

A three-stage vulnerability chain - SQL injection to bypass authentication, IDOR to steal an admin API key from another operator's report, then command injection via the weather query endpoint to achieve RCE and read the flag.

sqli auth-bypass idor command-injection
2026-02-28 Pentest Hard

DarkNet Services Penetration Test

Four-machine /24 network compromise, chaining SQLi, SSTI, SMB enumeration, SNMP credential extraction, LD_PRELOAD privesc, and PHP deserialization RCE to root all hosts, then hijacking a live Cloudflare-tunneled domain by replacing its Flask backend with a socat proxy to the defaced web server.

sqli ssti jinja2 rce
2026-02-23 Web Medium

WHAMazon! Web 6 - Health & Safety

Exploiting an unsanitized target parameter in an admin health-check endpoint to achieve remote code execution and traverse the filesystem for a hidden flag.

command-injection rce os-shell api