All Writeups

Comprehensive collection of CTF challenges, solutions, and insights.

Filter by category:
All Web (16) Meta (3) Reverse Engineering (9) Crypto (15) JWT (5) Forensics (7) Network (12) Misc (7) Pentest (1)

Filter by tag:
All Tags Raptor-Weekly (14) ctf (3) retrospective (3) overview (3) ECHELON (12) DEADROP (37) WHAMazon! (23) pcap (13) base64 (10) network (10)
2026-05-10 Web Easy

Raptor Weekly 2 - ECHELON Web 1 - 1.1 ; OPEN CHANNEL

Chaining HTML comment enumeration to a disallowed robots.txt entry, pivoting through an exposed staging endpoint to recover an operator username, and extracting the portal password from a JSON debug response behind a custom request header.

web recon ECHELON Raptor-Weekly
2026-05-10 JWT Easy

Raptor Weekly 2 - ECHELON JWT 1 - 1.2 ; NOISE FLOOR

Intercepting a JWT delivered in a non-standard HTTP response header, decoding the payload to recover the flag hidden in a custom claim, and recognizing the truncated signing key that will matter again two challenges later.

web crypto jwt ECHELON
2026-05-10 Web Medium

Raptor Weekly 2 - ECHELON Web 2 - 3.1 ; PHANTOM NODE

Identifying an anomalous node on a SECRET tier dashboard, exploiting an SSRF vulnerability in the node status endpoint via path traversal and query string termination, and reading an internal data response that seeds the next two challenges.

web ssrf path-traversal ECHELON
2026-05-10 JWT Medium

Raptor Weekly 2 - ECHELON JWT 2 - 2.3 ; SIGNED

Reconstructing a JWT signing secret from two hex fragments recovered across prior challenges, forging an HS256 token with elevated role claims, and submitting it to a verification endpoint to gain SECRET tier access.

web crypto jwt ECHELON
2026-02-22 Web Easy

WHAMazon! Web 3 - The Review Queue

Exploiting a stored XSS vulnerability in a seller product submission form via an unsanitized image field to steal an admin review token.

xss cross-site-scripting cookie-theft img-tag