Lenam Blog
Hello, welcome to Lenam's personal blog. Here you will find information about CTFs, hacking, programming, artificial intelligence, and technology in general.
I hope you find this information helpful, just as the information others selflessly shared on the internet was helpful to me at the time.
Important Notice
The content presented on this website is intended solely for educational purposes, learning, and practice in pentesting and capture the flag (CTF) competitions.
Read the blog posts or check About for more info.
Featured
WriteUp Galera - HackMyVM
Description of the exploitation of a misconfigured Galera cluster in a HackMyVM lab.
WriteUp Token Of Hate - TheHackersLabs
Resolution of a TheHackersLabs CTF, involving enumeration, stored XSS exploitation via Unicode, cookie hijacking, LFI and SSRF attacks, JWT manipulation for RCE, and privilege escalation via capabilities on Linux.
WriteUp Token Of Love - TheHackersLabs
Writeup narrating the exploitation in "Token Of Love," where a hidden clue in IPFS is deciphered to obtain the private key and manipulate the JWT. Vulnerabilities in Node.js are exploited to achieve RCE, and by using sudo with tee and a vulnerability in rsync wildcards, privilege escalation to root is achieved.
WriteUp Matrix - Vulnyx
This writeup documents the exploitation of a vulnerable machine inspired by Matrix, using traffic analysis, PHP injection, and privilege escalation with rsync to gain root access.
Recent Posts
WriteUp Sandwich - Vulnyx
This writeup describes the exploitation and escalation of the Sandwich machine on the Vulnyx platform, where you can practice the sandwich technique on a password recovery form that generates UUIDs vulnerable to this technique.
WriteUp Zerotrace - Vulnyx
Writeup describing the resolution of the Zerotrace machine created by suraxddq for the Vulnyx platform. It is the first writeup on my blog that does not belong to a machine created by me.
Lab Inj3ctlab - Bug Bounty Labs
Article describing the SSTI vulnerability and providing a step-by-step guide on how to solve the Inj3ctlab laboratory from Bug Bounty Labs to practice SSTI in multiple template engines.