Posts tagged with "rce" | kudaliar's blog

Nullcon HackIM CTF Goa 2026 - Meowy

Writeup for Meowy from Nullcon HackIM CTF 2026. A Web challenge involving Flask session forgery, SSRF, and Werkzeug PIN RCE.

k kudaliar
February 8, 2026
5 min read

writeup web flask ssrf werkzeug rce nullcon
MetaCTF January 2026 - PixelPerfect

Writeup for PixelPerfect from MetaCTF January 2026. A Web challenge involving Ruby Code Injection via instance_eval.

k kudaliar
February 1, 2026
2 min read

writeup web ruby code-injection rce filter-bypass metactf
PascalCTF 2026 - SurgoCompany

Writeup for SurgoCompany from PascalCTF 2026. A Misc challenge involving Python RCE via email attachment and Roundcube automation.

k kudaliar
February 1, 2026
3 min read

writeup misc rce python email roundcube pascalctf
0xL4ugh CTF V5 - 4llD4y

Detailed writeup for the 4llD4y challenge from 0xL4ugh CTF V5. A Medium Web challenge involving Prototype Pollution (CVE-2023-26135), happy-dom configuration override, and VM sandbox escape.

k kudaliar
January 26, 2026
3 min read

writeup web nodejs medium prototype-pollution vm-escape rce 0xl4ughctf
HTB - CodePartTwo

Penetration test report for the CodePartTwo machine on Hack The Box. Exploiting a critical PySandbox escape in js2py and leveraging a config race condition for privilege escalation.

k kudaliar
January 15, 2026
3 min read

writeup htb linux easy rce privesc python race-condition
HTB - Conversor

Penetration test report for the Conversor machine on Hack The Box. A Linux target involving arbitrary file write, cron job exploitation, and sudo privilege escalation.

k kudaliar
January 14, 2026
2 min read

writeup htb linux easy rce privesc python perl