· 22 min insane Linux Brainfuck
HTB: Brainfuck
A six-step attack chain across WordPress, SMTP, POP3, a Flarum forum with Vigenere encryption, SSH key cracking, and RSA cryptanalysis delivers the root flag without ever gaining a root shell.
#htb
#linux
#wordpress
#smtp +4
· 17 min medium Linux Lazy
HTB: Lazy
A padding oracle in a custom PHP authentication cookie enables CBC bit-flipping to forge admin access, exposing an SSH key. A SUID binary with a relative PATH call to cat completes the root chain.
#htb
#linux
#padding-oracle
#crypto +2