{"id":31827808,"url":"https://github.com/achnouri/ctf-challenges-write-ups","last_synced_at":"2026-02-18T11:32:25.757Z","repository":{"id":287118578,"uuid":"962980590","full_name":"achnouri/CTF-Challenges-Write-ups","owner":"achnouri","description":"This repository is a collection of detailed write-ups for CTF challenges/machines/... that i have solved across different cybersecurity training platforms","archived":false,"fork":false,"pushed_at":"2026-01-09T00:36:44.000Z","size":49,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-31T15:59:45.651Z","etag":null,"topics":["capture-the-flag","cryptography","ctf","ctf-challenges","ctf-writeups","cybersecurity","hacking","hacking-tools","hackthebox","offensive-security","osint","pentesting","red-team","reversing","scanning","security","testing","tryhackme","vulnerabilities","web"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/achnouri.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-04-09T01:14:54.000Z","updated_at":"2026-01-09T00:36:47.000Z","dependencies_parsed_at":"2025-09-26T07:05:51.772Z","dependency_job_id":"0fc6a7b2-2b79-4b3f-b6f9-2d80f34fa899","html_url":"https://github.com/achnouri/CTF-Challenges-Write-ups","commit_stats":null,"previous_names":["achnouri/ctf_writeup","achnouri/ctf_challenges-writeup","achnouri/ctf-challenges-write-ups"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/achnouri/CTF-Challenges-Write-ups","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/achnouri%2FCTF-Challenges-Write-ups","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/achnouri%2FCTF-Challenges-Write-ups/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/achnouri%2FCTF-Challenges-Write-ups/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/achnouri%2FCTF-Challenges-Write-ups/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/achnouri","download_url":"https://codeload.github.com/achnouri/CTF-Challenges-Write-ups/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/achnouri%2FCTF-Challenges-Write-ups/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29577879,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-18T08:38:15.585Z","status":"ssl_error","status_checked_at":"2026-02-18T08:38:14.917Z","response_time":162,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["capture-the-flag","cryptography","ctf","ctf-challenges","ctf-writeups","cybersecurity","hacking","hacking-tools","hackthebox","offensive-security","osint","pentesting","red-team","reversing","scanning","security","testing","tryhackme","vulnerabilities","web"],"created_at":"2025-10-11T19:18:47.669Z","updated_at":"2026-02-18T11:32:20.734Z","avatar_url":"https://github.com/achnouri.png","language":null,"readme":"# 🚩 [α΄„α΄›κœ°] | α΄„Κœα΄€ΚŸΚŸα΄‡Ι΄Ι’α΄‡κœ± - α΄α΄€α΄„ΚœΙͺΙ΄α΄‡κœ± - ΚŸα΄€Κ™κœ± | α΄‘Κ€Ιͺᴛᴇ-ᴜᴘꜱ\n\n\u003e Collection of challenges, machines, write-ups, flags, labs and general cybersecurity practice.\n\n---\n\n\n## πŸ“‚ DEADFACE CTF 2025 \n\n**Platform :** https://ctf.deadface.io\n\n| Challenge | Category | Value | Solved at | Write-up |\n| ---------- | ---------- | ------ | ---------- | ---------- |\n| Tell No One | Stolen Secrets | 100 | October 27th, 12:22:46 AM | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) |\n| Undervalued | EpicSales | 400 | October 26th, 10:46:58 PM | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) |\n| Big Spender | EpicSales | 210 | October 26th, 10:41:35 PM | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) |\n| Silent Buyers | EpicSales | 100 | October 26th, 10:30:42 PM | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) |\n| Versions | Stolen Secrets | 10 | October 26th, 10:13:11 PM | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) |\n| High Value Targets | EpicSales | 50 | October 26th, 7:29:06 PM | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) |\n| Low Stock | EpicSales | 50 | October 26th, 7:18:08 PM | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) |\n| 5 Stars | EpicSales | 30 | October 26th, 7:09:28 PM | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) |\n| Promo Code | EpicSales | 25 | October 26th, 7:02:56 PM | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) |\n| Lay of the Land | Hostbusters | 70 | October 26th, 12:37:27 PM | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) |\n| Secret Stash | Hostbusters | 8 | October 26th, 12:12:29 PM | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) |\n| Let Me In | Hostbusters | 5 | October 26th, 12:11:11 PM | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) |\n| Double Decode | Steganography | 75 | October 26th, 11:09:18 AM | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) |\n| Creepy Resume | Steganography | 30 | October 25th, 3:25:47 PM | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) |\n| Bad Boy | Steganography | 10 | October 25th, 3:12:31 PM | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) |\n\n\u003cbr\u003e\n\n## πŸ“‚ QnQSec CTF 2025 \n\n**Platform :** https://ctf.qnqsec.team\n\n| Challenge | Category | Value | Solved at | write-up | \n| --------- | -------- | ------ | --------- | -------- |\n| Laser Strike | Misc | 380 | Oct 17, 01:14:31 PM | [πŸ”— write-up ](https://github.com/achnouri/__coming_soon) |\n| The picture | OSINT | 50 | Oct 17, 04:21:29 PM | [πŸ”— write-up ](https://github.com/achnouri/__coming_soon) |\n| HeartBroken | Misc | 50 | Oct 17, 07:05:31 AM | [πŸ”— write-up ](https://github.com/achnouri/__coming_soon) |\n| The company | OSINT | 50 | Oct 17, 03:50:42 AM | [πŸ”— write-up ](https://github.com/achnouri/__coming_soon) |\n| baby_baby_reverse | Rev | 50 | Oct 17, 03:22:50 AM | [πŸ”— write-up ](https://github.com/achnouri/__coming_soon) |\n| SmartCoffee | Hardw | 50 | Oct 17, 02:49:53 AM | [πŸ”— write-up ](https://github.com/achnouri/__coming_soon) |\n\n\n\n\u003cbr\u003e\n\n---\n\n\u003cbr\u003e\n\n## πŸ“‚ HTB, THM ... CTFs 2025\n\n| πŸ“‚ CTF Challenge | 🧩 Category | πŸ“ -write-up | Platform | Access_to_challenge | \n| --------------- | ---------- | ------------ | -------- | -------------------- |\n| Editor | Comprehensive Penetration | [πŸ”— write-up ](https://github.com/achnouri/Editor-CTF-writre-up) | Hackthebox | [LINK](https://app.hackthebox.com/machines/Editor) |\n| Sakura | OSINT | [πŸ”— write-up ](https://github.com/achnouri/Sakura-CTF-write-up) | Tryhackme | [LINK](https://tryhackme.com/room/sakura) |\n| OhSINT | OSINT | [πŸ”— write-up ](https://github.com/achnouri/OhSINT-CTF-write-up) | Tryhackme | [LINK](https://tryhackme.com/room/ohsint) |\n| Suspicious Threat | Forensics | [πŸ”— write-up ](https://github.com/achnouri/Suspicious-Threat-CTF-write-up)| Hackthebox | [LINK](https://app.hackthebox.com/challenges/Suspicious%20Threat) |\n| Reversing ELF | Reversing | [πŸ”— write-up ](https://github.com/achnouri/__coming_soon)| TryHackme | [LINK](https://tryhackme.com/room/reverselfiles) |\n| The Needle | Hardware | [πŸ”— write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK](https://app.hackthebox.com/challenges/The%2520Needle) |\n| Debugging Interface | Hardware | [πŸ”— write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK](https://app.hackthebox.com/challenges/Debugging%2520Interface) |\n| Low Logic | Hardware | [πŸ”— write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK](https://app.hackthebox.com/challenges/Low%2520Logic) |\n| signals | Hardware | [πŸ”— write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK](https://app.hackthebox.com/challenges/Signals) |\n| Photon Lockdown | Hardware | [πŸ”— write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK](https://app.hackthebox.com/challenges/Photon%2520Lockdown) |\n| RFlag | Hardware | [πŸ”— write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK](https://app.hackthebox.com/challenges/RFlag) |\n| VHDLock | Hardware | [πŸ”— write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK](https://app.hackthebox.com/challenges/VHDLock) |\n| Wander | Hardware | [πŸ”— write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK]( https://app.hackthebox.com/challenges/Wander) |\n| Defusal | Hardware | [πŸ”— write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK]( https://app.hackthebox.com/challenges/https://app.hackthebox.com/challenges/877) |\n| POP Restaurant | Web | [πŸ”— write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK](https://app.hackthebox.com/challenges/POP%2520Restaurant) |\n| JerryTok | Web | [πŸ”— write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK](https://app.hackthebox.com/challenges/JerryTok) |\n| Pentest Notes | Web | [πŸ”— write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK](https://app.hackthebox.com/challenges/Pentest%2520Notes) |\n| CDNio | Web | [πŸ”— write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK](https://app.hackthebox.com/challenges/CDNio) |\n\n\u003cbr\u003e\n:) More coming soon... \n\n\u003cbr\u003e\u003cbr\u003e\n\n---\n\n## PortSwigger Labs / vulnerabilities \n\n| πŸ“‚ Lab Name / Vulnerability | πŸ“ -write-up | Platform | Access_to_lab |\n|-----------------------------|--------------|----------|---------------------|\n| SQL Injection | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#sql-injection) |\n| Cross-site scripting | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#cross-site-scripting) |\n| Cross-site request forgery (CSRF) | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#cross-site-request-forgery-csrf) |\n| Clickjacking | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#clickjacking) |\n| DOM-based | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#dom-based-vulnerabilities) |\n| Cross-origin resource sharing (CORS) | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#cross-origin-resource-sharing-cors) |\n| XML external entity (XXE) injection | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#xml-external-entity-xxe-injection) |\n| Server-side request forgery (SSRF) | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#server-side-request-forgery-ssrf) |\n| HTTP request smuggling | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#http-request-smuggling) |\n| OS command injection | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#os-command-injection) |\n| Server-side template injection | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#server-side-template-injection) |\n| Path traversal | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#path-traversal) |\n| Access control | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#access-control-vulnerabilities) |\n| Authentication | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#authentication) |\n| WebSockets | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#websockets) |\n| Web cache poisoning | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#web-cache-poisoning) |\n| Insecure deserialization | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#insecure-deserialization) |\n| Information disclosure | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#information-disclosure) |\n| Business logic | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#business-logic-vulnerabilities) |\n| HTTP Host header attacks | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#http-host-header-attacks) |\n| OAuth authentication | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#oauth-authentications) |\n| File upload | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#file-upload-vulnerabilities) |\n| JWT | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#jwt) |\n| Essential skills | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#essential-skills) |\n| Prototype pollution | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#prototype-pollution) |\n| GraphQL API | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#graphql-api-vulnerabilities) |\n| Race conditions | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#race-conditions) |\n| NoSQL injection | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#nosql-injection) |\n| API testing | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#api-testing) |\n| Web LLM attacks | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#web-llm-attacks) |\n| Web cache deception | [πŸ”— write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#web-cache-deception) |\n\n---\n\n\u003cbr\u003e\n\n##### :) Write-ups of PortSwigger labs are now private until I finish them\n\n##### If you like this repo, don’t forget to ⭐ it! \n\n\u003cbr\u003e\n\n \u003ca href=\"https://tryhackme.com/p/ANxS3c\"\u003e\n \u003cimg src=\"https://img.shields.io/badge/TryHackMe-ANxS3c-achraf?style=for-the-badge\u0026logo=tryhackme\u0026logoColor=white\" /\u003e\n \u003c/a\u003e\n \u003ca href=\"https://app.hackthebox.com/profile/1859770\"\u003e\n \u003cimg src=\"https://img.shields.io/badge/HackTheBox-ANxS3c-achraf?style=for-the-badge\u0026logo=hack-the-box\u0026logoColor=white\" /\u003e\n \u003c/a\u003e\n\n\u003cbr\u003e\u003cbr\u003e\n\n✍️ : By [achnouri](https://github.com/achnouri)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fachnouri%2Fctf-challenges-write-ups","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fachnouri%2Fctf-challenges-write-ups","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fachnouri%2Fctf-challenges-write-ups/lists"}