Hackthebox

May 21, 2026
in AI Red Team, CTF Writeup, Hackthebox, RAG, Privilege Escalation
12 min read

Espionage Intelligence Writeup

Summary

Espionage Intelligence was an HTB CTF challenge centered around abusing an Operator Wiki RAG pipeline that ranked documents by semantic similarity while failing to properly enforce clearance boundaries. Starting with a standard HUMINT operator account, the objective was to perform reconnaissance of the semantic space, extract sensitive information useful for lateral movement, escalate privileges, and ultimately access advanced leader-only agentic analytics.

August 6, 2025
in CTF Writeup, Hackthebox, Web Application Penetration Testing, Command Injection
4 min read

HTB ARMAXIS Writeup

Summary

The application was vulnerable to a logical flaw in the password reset mechanism that allowed unauthorized password resets. By exploiting this flaw, we reset the admin user's password. This privilege escalation allowed access to an admin-only weapon dispatch feature, which included a command injection vulnerability via unsanitized curl execution in Markdown parsing. Combining both vulnerabilities led to command execution and flag retrieval.

August 4, 2025
in CTF Writeup, Hackthebox, JavaScript Analysis, Web Application Penetration Testing
2 min read

HTB Neovault Writeup

Summary

This challenge involved client-side reconnaissance through JavaScript .map and .js files served by a Next.js application. By mining and crawling those files, we uncovered hidden API endpoints, enumerated users via an inquire endpoint, and eventually downloaded user-specific transaction PDFs to retrieve the flag.

August 1, 2025
in CTF Writeup, Hackthebox, Web Application Penetration Testing
2 min read

Flag Command Writeup

Summary

The application has an IDOR (Indirect Object Reference) vulnerability which can be used to retrieve the flag.