Lenam Blog

Hello, welcome to Lenam's personal blog. Here you will find information about CTFs, hacking, programming, artificial intelligence, and technology in general.

I hope you find this information helpful, just as the information others selflessly shared on the internet was helpful to me at the time.

Important Notice

The content presented on this website is intended solely for educational purposes, learning, and practice in pentesting and capture the flag (CTF) competitions.

Read the blog posts or check About for more info.

Featured

• WriteUp Token Of Love - TheHackersLabs

  

  Writeup narrating the exploitation in "Token Of Love," where a hidden clue in IPFS is deciphered to obtain the private key and manipulate the JWT. Vulnerabilities in Node.js are exploited to achieve RCE, and by using sudo with tee and a vulnerability in rsync wildcards, privilege escalation to root is achieved.

• WriteUp Matrix - Vulnyx

  

  This writeup documents the exploitation of a vulnerable machine inspired by Matrix, using traffic analysis, PHP injection, and privilege escalation with rsync to gain root access.

Recent Posts

• Lab Inj3ctlab - Bug Bounty Labs

  Article describing the SSTI vulnerability and providing a step-by-step guide on how to solve the Inj3ctlab laboratory from Bug Bounty Labs to practice SSTI in multiple template engines.

• WriteUp Subversión - Dockerlabs

  This lab, available on the Dockerlabs platform, covers multiple security challenges: from brute-forcing Subversion and guessing an insecure random number to exploiting a buffer overflow and escalating privileges using the tar wildcard technique.

• WriteUp Solar - Vulnyx

  Below is the process for exploiting the Vulnyx Solar CTF. This is a challenging machine that requires patience.