https://github.com/achnouri/ctf-challenges-write-ups

This repository is a collection of detailed write-ups for CTF challenges/machines/... that i have solved across different cybersecurity training platforms
https://github.com/achnouri/ctf-challenges-write-ups

capture-the-flag cryptography ctf ctf-challenges ctf-writeups cybersecurity hacking hacking-tools hackthebox offensive-security osint pentesting red-team reversing scanning security testing tryhackme vulnerabilities web

Last synced: about 2 months ago
JSON representation

This repository is a collection of detailed write-ups for CTF challenges/machines/... that i have solved across different cybersecurity training platforms

Host: GitHub
URL: https://github.com/achnouri/ctf-challenges-write-ups
Owner: achnouri
Created: 2025-04-09T01:14:54.000Z (12 months ago)
Default Branch: main
Last Pushed: 2026-01-09T00:36:44.000Z (3 months ago)
Last Synced: 2026-01-31T15:59:45.651Z (2 months ago)
Topics: capture-the-flag, cryptography, ctf, ctf-challenges, ctf-writeups, cybersecurity, hacking, hacking-tools, hackthebox, offensive-security, osint, pentesting, red-team, reversing, scanning, security, testing, tryhackme, vulnerabilities, web
Homepage:
Size: 47.9 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

          # 🚩 [ᴄᴛꜰ] | ᴄʜᴀʟʟᴇɴɢᴇꜱ - ᴍᴀᴄʜɪɴᴇꜱ - ʟᴀʙꜱ | ᴡʀɪᴛᴇ-ᴜᴘꜱ

> Collection of challenges, machines, write-ups, flags, labs and general cybersecurity practice.

---

## 📂 DEADFACE CTF 2025 

**Platform :** https://ctf.deadface.io

| Challenge | Category | Value | Solved at | Write-up |

| ---------- | ---------- | ------ | ---------- | ---------- |

| Tell No One | Stolen Secrets | 100 | October 27th, 12:22:46 AM | [🔗 write-up](https://github.com/achnouri/__coming_soon) |

| Undervalued | EpicSales | 400 | October 26th, 10:46:58 PM | [🔗 write-up](https://github.com/achnouri/__coming_soon) |

| Big Spender | EpicSales | 210 | October 26th, 10:41:35 PM | [🔗 write-up](https://github.com/achnouri/__coming_soon) |

| Silent Buyers | EpicSales | 100 | October 26th, 10:30:42 PM | [🔗 write-up](https://github.com/achnouri/__coming_soon) |

| Versions | Stolen Secrets | 10 | October 26th, 10:13:11 PM | [🔗 write-up](https://github.com/achnouri/__coming_soon) |

| High Value Targets | EpicSales | 50 | October 26th, 7:29:06 PM | [🔗 write-up](https://github.com/achnouri/__coming_soon) |

| Low Stock | EpicSales | 50 | October 26th, 7:18:08 PM | [🔗 write-up](https://github.com/achnouri/__coming_soon) |

| 5 Stars | EpicSales | 30 | October 26th, 7:09:28 PM | [🔗 write-up](https://github.com/achnouri/__coming_soon) |

| Promo Code | EpicSales | 25 | October 26th, 7:02:56 PM | [🔗 write-up](https://github.com/achnouri/__coming_soon) |

| Lay of the Land | Hostbusters | 70 | October 26th, 12:37:27 PM | [🔗 write-up](https://github.com/achnouri/__coming_soon) |

| Secret Stash | Hostbusters | 8 | October 26th, 12:12:29 PM | [🔗 write-up](https://github.com/achnouri/__coming_soon) |

| Let Me In | Hostbusters | 5 | October 26th, 12:11:11 PM | [🔗 write-up](https://github.com/achnouri/__coming_soon) |

| Double Decode | Steganography | 75 | October 26th, 11:09:18 AM | [🔗 write-up](https://github.com/achnouri/__coming_soon) |

| Creepy Resume | Steganography | 30 | October 25th, 3:25:47 PM | [🔗 write-up](https://github.com/achnouri/__coming_soon) |

| Bad Boy | Steganography | 10 | October 25th, 3:12:31 PM | [🔗 write-up](https://github.com/achnouri/__coming_soon) |




## 📂 QnQSec CTF 2025 

**Platform :** https://ctf.qnqsec.team

| Challenge | Category | Value  | Solved at | write-up | 

| --------- | -------- | ------ | --------- | -------- |

| Laser Strike      | Misc  | 380 | Oct 17, 01:14:31 PM | [🔗 write-up ](https://github.com/achnouri/__coming_soon) |

| The picture       | OSINT | 50  | Oct 17, 04:21:29 PM | [🔗 write-up ](https://github.com/achnouri/__coming_soon) |

| HeartBroken       | Misc  | 50  | Oct 17, 07:05:31 AM | [🔗 write-up ](https://github.com/achnouri/__coming_soon) |

| The company       | OSINT | 50  | Oct 17, 03:50:42 AM | [🔗 write-up ](https://github.com/achnouri/__coming_soon) |

| baby_baby_reverse | Rev   | 50  | Oct 17, 03:22:50 AM | [🔗 write-up ](https://github.com/achnouri/__coming_soon) |

| SmartCoffee       | Hardw | 50  | Oct 17, 02:49:53 AM | [🔗 write-up ](https://github.com/achnouri/__coming_soon) |




---




## 📂 HTB, THM ... CTFs 2025

| 📂 CTF Challenge | 🧩 Category | 📝 -write-up | Platform | Access_to_challenge  | 

| --------------- | ---------- | ------------ | -------- | -------------------- |

| Editor | Comprehensive Penetration | [🔗 write-up ](https://github.com/achnouri/Editor-CTF-writre-up) | Hackthebox | [LINK](https://app.hackthebox.com/machines/Editor) |

| Sakura | OSINT | [🔗 write-up ](https://github.com/achnouri/Sakura-CTF-write-up) | Tryhackme | [LINK](https://tryhackme.com/room/sakura) |

| OhSINT | OSINT | [🔗 write-up ](https://github.com/achnouri/OhSINT-CTF-write-up) | Tryhackme | [LINK](https://tryhackme.com/room/ohsint) |

| Suspicious Threat | Forensics | [🔗 write-up ](https://github.com/achnouri/Suspicious-Threat-CTF-write-up)| Hackthebox | [LINK](https://app.hackthebox.com/challenges/Suspicious%20Threat) |

| Reversing ELF | Reversing | [🔗 write-up ](https://github.com/achnouri/__coming_soon)| TryHackme | [LINK](https://tryhackme.com/room/reverselfiles) |

| The Needle | Hardware | [🔗 write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK](https://app.hackthebox.com/challenges/The%2520Needle) |

| Debugging Interface | Hardware | [🔗 write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK](https://app.hackthebox.com/challenges/Debugging%2520Interface) |

| Low Logic | Hardware | [🔗 write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK](https://app.hackthebox.com/challenges/Low%2520Logic) |

| signals | Hardware | [🔗 write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK](https://app.hackthebox.com/challenges/Signals) |

| Photon Lockdown | Hardware | [🔗 write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK](https://app.hackthebox.com/challenges/Photon%2520Lockdown) |

| RFlag | Hardware | [🔗 write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK](https://app.hackthebox.com/challenges/RFlag) |

| VHDLock | Hardware | [🔗 write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK](https://app.hackthebox.com/challenges/VHDLock) |

| Wander | Hardware | [🔗 write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK]( https://app.hackthebox.com/challenges/Wander) |

| Defusal | Hardware | [🔗 write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK]( https://app.hackthebox.com/challenges/https://app.hackthebox.com/challenges/877) |

| POP Restaurant | Web | [🔗 write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK](https://app.hackthebox.com/challenges/POP%2520Restaurant) |

| JerryTok | Web | [🔗 write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK](https://app.hackthebox.com/challenges/JerryTok) |

| Pentest Notes | Web | [🔗 write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK](https://app.hackthebox.com/challenges/Pentest%2520Notes) |

| CDNio | Web | [🔗 write-up ](https://github.com/achnouri/__coming_soon) | Hackthebox | [LINK](https://app.hackthebox.com/challenges/CDNio) |




:) More coming soon... 





---

## PortSwigger Labs / vulnerabilities 

| 📂 Lab Name / Vulnerability | 📝 -write-up | Platform | Access_to_lab |

|-----------------------------|--------------|----------|---------------------|

| SQL Injection | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#sql-injection) |

| Cross-site scripting | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#cross-site-scripting) |

| Cross-site request forgery (CSRF) | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#cross-site-request-forgery-csrf) |

| Clickjacking | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#clickjacking) |

| DOM-based | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#dom-based-vulnerabilities) |

| Cross-origin resource sharing (CORS) | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#cross-origin-resource-sharing-cors) |

| XML external entity (XXE) injection | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#xml-external-entity-xxe-injection) |

| Server-side request forgery (SSRF) | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#server-side-request-forgery-ssrf) |

| HTTP request smuggling | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#http-request-smuggling) |

| OS command injection | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#os-command-injection) |

| Server-side template injection | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#server-side-template-injection) |

| Path traversal | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#path-traversal) |

| Access control | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#access-control-vulnerabilities) |

| Authentication | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#authentication) |

| WebSockets | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#websockets) |

| Web cache poisoning | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#web-cache-poisoning) |

| Insecure deserialization | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#insecure-deserialization) |

| Information disclosure | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#information-disclosure) |

| Business logic | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#business-logic-vulnerabilities) |

| HTTP Host header attacks | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#http-host-header-attacks) |

| OAuth authentication | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#oauth-authentications) |

| File upload | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#file-upload-vulnerabilities) |

| JWT | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#jwt) |

| Essential skills | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#essential-skills) |

| Prototype pollution | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#prototype-pollution) |

| GraphQL API | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#graphql-api-vulnerabilities) |

| Race conditions | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#race-conditions) |

| NoSQL injection | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#nosql-injection) |

| API testing | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#api-testing) |

| Web LLM attacks | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#web-llm-attacks) |

| Web cache deception | [🔗 write-up](https://github.com/achnouri/__coming_soon) | Portswigger | [LINK](https://portswigger.net/web-security/all-labs#web-cache-deception) |

---




##### :) Write-ups of PortSwigger labs are now private until I finish them

##### If you like this repo, don’t forget to ⭐ it!  




  

    

  

  

    

  





✍️  : By [achnouri](https://github.com/achnouri)

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/achnouri/ctf-challenges-write-ups

Awesome Lists containing this project

README