writeups
16 writeups
all
cve
ctf
other
HTB — WingData
Wing FTP Server RCE via CVE-2025-47812, SHA-256 salted hash cracking from FTP user files for SSH access, an...
HTB — VariaType
Exposed .git directory leaks hardcoded credentials, directory traversal via filter bypass reveals server la...
HTB — Silentium
Flowise account takeover via unauthenticated password reset token leak, RCE via CVE-2025-59528 JavaScript i...
HTB — Pterodactyl
Pterodactyl Panel RCE via CVE-2025-49132, MySQL TCP vs socket auth quirk to extract bcrypt hashes, SSH acce...
HTB — Overwatch
Active Directory enumeration, SMB share analysis, .NET binary decompilation revealing hardcoded credentials...
HTB — Kobold
Arcane Docker Management CVE-2026-23520 command injection for initial access, followed by a Docker group pr...
HTB — Interpreter
Mirth Connect 4.4.0 RCE via CVE-2023-43208, PBKDF2 hash cracking to pivot to sedric, then privilege escalat...
HTB — Facts
Camaleon CMS mass assignment privilege escalation, AWS S3 credential harvesting, SSH private key extraction...
HTB — DevArea
Anonymous FTP exposing a JAR file, Apache CXF SSRF for arbitrary file read via CVE-2022-46364, HoverFly ser...
HTB — CCTV
Default credentials on ZoneMinder, boolean SQL injection to dump bcrypt hashes, hash cracking for SSH acces...
CVE-2026-32746
A breakdown of CVE-2026-32746, a CVSS 9.8 unauthenticated pre-auth RCE in GNU inetutils telnetd caused by a...
Cap
IDOR vulnerability on a security dashboard exposes a pcap containing plaintext FTP credentials, leading to ...
Ni8mare — CVE-2026-21858
A breakdown of CVE-2026-21858, a CVSS 10.0 unauthenticated RCE vulnerability in n8n caused by Content-Type ...
Pwning the Protector — CVE-2025-69258
A breakdown of CVE-2025-69258, an unauthenticated RCE vulnerability in Trend Micro Apex Central caused by m...
React2Shell — CVE-2025-55182
A breakdown of CVE-2025-55182, a CVSS 10.0 unauthenticated RCE vulnerability.
WSUS RCE — CVE-2025-59287
A breakdown of CVE-2025-59287, a CVSS 9.8 unauthenticated RCE vulnerability in Windows Server Update Servic...