Ctf

In this university exam practice VM, I explored file upload handling, discovered a separate file inclusion point, and chained it with an uploaded webshell to gain remote command execution.

An in-depth and hands-on walkthrough on spotting and exploiting Local File Inclusion (LFI) — from classic payloads to modern bypasses, straight from HTB Academy labs.

Cracked the UnderPass HTB box by skipping dead ends, abusing SNMP leaks, and turning mosh-server into a root shell with zero password — here is how.

Getting user.txt is just the beginning. Here’s how I hunt for privilege escalation paths on Linux boxes — what I check, how I think, and why it still stumps me sometimes.