Lenam Blog

Hello, welcome to Lenam's personal blog. Here you will find information about CTFs, hacking, programming, artificial intelligence, and technology in general.

I hope you find this information helpful, just as the information others selflessly shared on the internet was helpful to me at the time.

Important Notice

The content presented on this website is intended solely for educational purposes, learning, and practice in pentesting and capture the flag (CTF) competitions.

Read the blog posts or check About for more info.

Featured

• WriteUp Galera - HackMyVM

  
  Published:May 25, 2025

  Description of the exploitation of a misconfigured Galera cluster in a HackMyVM lab.

• WriteUp Token Of Hate - TheHackersLabs

  
  Published:Mar 22, 2025

  Resolution of a TheHackersLabs CTF, involving enumeration, stored XSS exploitation via Unicode, cookie hijacking, LFI and SSRF attacks, JWT manipulation for RCE, and privilege escalation via capabilities on Linux.

• WriteUp Token Of Love - TheHackersLabs

  
  Published:Feb 20, 2025

  Writeup narrating the exploitation in "Token Of Love," where a hidden clue in IPFS is deciphered to obtain the private key and manipulate the JWT. Vulnerabilities in Node.js are exploited to achieve RCE, and by using sudo with tee and a vulnerability in rsync wildcards, privilege escalation to root is achieved.

• WriteUp Matrix - Vulnyx

  
  Published:Feb 4, 2025

  This writeup documents the exploitation of a vulnerable machine inspired by Matrix, using traffic analysis, PHP injection, and privilege escalation with rsync to gain root access.

Recent Posts

• WriteUp Sandwich - Vulnyx

  Published:May 12, 2025

  This writeup describes the exploitation and escalation of the Sandwich machine on the Vulnyx platform, where you can practice the sandwich technique on a password recovery form that generates UUIDs vulnerable to this technique.

• WriteUp Zerotrace - Vulnyx

  Published:May 11, 2025

  Writeup describing the resolution of the Zerotrace machine created by suraxddq for the Vulnyx platform. It is the first writeup on my blog that does not belong to a machine created by me.

• Lab Inj3ctlab - Bug Bounty Labs

  Published:Feb 1, 2025

  Article describing the SSTI vulnerability and providing a step-by-step guide on how to solve the Inj3ctlab laboratory from Bug Bounty Labs to practice SSTI in multiple template engines.