top of page

OSS has taken part in various competitions and is very active in online CTFs and HTB challenges. Although many think it is just hacking, that is not the case. In most of these events, the hacking is around 40% to 50% of the work, while the rest of it is writing reports. Here are a few examples of previous reports that OSS members have done in the past.

​

Unfortunately, it seems that the links to the following writeups are currently down. Please be patient as we restore them.

​

Update: We now have student writeups for "Laboratory", "Doctor", and "Academy"

htb logo_edited.png

Table of Contents

  • HTB Write Up

    • HTB Linux machine Difficulty: Easy

    • Initial Foothold - SQL Injection.

    • Privilege Escalation - Hijack Command Execution by Path Interception

  • HTB Jarvis

    • HTB Linux machine Difficulty: Medium

    • Initial Foothold - SQL Injection through GET parameter.

    • Privilege Escalation - Exploiting SUID systemctl

  • HTB Networked

    • HTB Linux machine Difficulty: Easy

    • Initial Foothold - File upload bypass vulnerability.

    • Privilege Escalation - Unsanitized user input injection

  • HTB Swag Shop

    • HTB Linux machine Difficulty: Easy

    • Initial Foothold - RCE via an outdated version of Magento

    • Privilege Escalation - Manipulating a misconfiguration in /etc/sudoers

  • HTB Laboratory

    • HTB Windows machine Difficulty: Easy

    • Initial Foothold - Client-Side Attacks

    • Privilege Escalation -SUID

  • HTB Doctor

    • HTB Linux machine Difficulty: Easy

    • Initial Foothold - Server-Side Template Injection

    • Privilege Escalation - Command Injection

  • HTB Academy or this secondary HTB Academy writeup

    • HTB Linux machine Difficulty: Easy

    • Initial Foothold - RoleID

    • Privilege Escalation - Privesc mrb3n → Root

  • Student Projects

bottom of page