# CTF Writeups - [CTF Writeups](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups.md): A collection of interesting challenges that I solved in various CTFs. - [BackDoorCTF 2025](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/backdoorctf-2025.md) - [Trust Issues](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/backdoorctf-2025/trust-issues.md) - [HeroCTF 2025](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/heroctf-2025.md) - [SpringDrive](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/heroctf-2025/springdrive.md): Hash Collision? + SSRF to Redis RCE - [BuckeyeCTF 2025](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/buckeyectf-2025.md) - [Authman](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/buckeyectf-2025/authman.md): passwords won't save you now NOTE: remote can only connect to ports 80/443 - [nu1l CTF 25](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/nu1l-ctf-25.md) - [eezzjs](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/nu1l-ctf-25/eezzjs.md) - [Sunshine CTF 25](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/sunshine-ctf-25.md) - [Intergalactic Webhook Service](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/sunshine-ctf-25/intergalactic-webhook-service.md): DNS Rebinding - [Greyhats Welcome CTF 25](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/greyhats-welcome-ctf-25.md): Some pwn challenges - [Blast From The Past](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/greyhats-welcome-ctf-25/blast-from-the-past.md): Ret2Shellcode + push rsp gadget - [EchoCrash](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/greyhats-welcome-ctf-25/echocrash.md): GOT overwrite with negative indexing - [Sunshine Factory](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/greyhats-welcome-ctf-25/sunshine-factory.md): Buffer Overflow + Partial Overwrite - [USCTF 2024](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/usctf-2024.md) - [Spooky Query Leaks](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/usctf-2024/spooky-query-leaks.md): INSERT Query SQLi - [HackTheVote](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/hackthevote.md) - [Comma-Club (Revenge)](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/hackthevote/comma-club-revenge.md): One-Byte Overwrite over Function Pointer - [HeroCTF 2024](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/heroctf-2024.md) - [Heappie](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/heroctf-2024/heappie.md): Ret2win in Heap - [Buckeye 2024](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/buckeye-2024.md) - [No-Handouts](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/buckeye-2024/no-handouts.md): Ret2Libc except no shell L - [TetCTF 2024](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/tetctf-2024.md) - [TET & 4N6](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/tetctf-2024/tet-and-4n6.md): A good forensics challenge that was cheesed - [PatriotCTF 2023](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/patriotctf-2023.md) - [ML Pyjail](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/patriotctf-2023/ml-pyjail.md): Python Jail with a twist. - [Breakfast Club](https://xenon-2.gitbook.io/writeups/ctf-writeups/ctf-writeups/patriotctf-2023/breakfast-club.md): Hash Cracking with a caveat - [Authored Challenges](https://xenon-2.gitbook.io/writeups/ctf-writeups/authored-challenges.md): Hopefully the list grows longer as time goes on - [Team Rocket](https://xenon-2.gitbook.io/writeups/ctf-writeups/authored-challenges/team-rocket.md): Team Rocket is looking for new members to join their global conquest! They have set up a new system to recruit new members. Can you infiltrate their system and find out what they are up to? - [Portal](https://xenon-2.gitbook.io/writeups/ctf-writeups/authored-challenges/portal.md): My company vibecoded a portal for viewing websites, wonder what can go wrong - [Upsolves](https://xenon-2.gitbook.io/writeups/ctf-writeups/upsolves.md): Challenges I try to learn from in preparation for CTFs - [Go Touch Grass](https://xenon-2.gitbook.io/writeups/ctf-writeups/upsolves/go-touch-grass.md): Scroll-To-Text-Fragment with DNS Prefetch - [Secure Blob Runner](https://xenon-2.gitbook.io/writeups/ctf-writeups/upsolves/secure-blob-runner.md): Shellcode with ROP via fs\_base leak - [HAKKShop](https://xenon-2.gitbook.io/writeups/ctf-writeups/upsolves/hakkshop.md): logic bugs + verb tampering? - [Trading-API](https://xenon-2.gitbook.io/writeups/ctf-writeups/upsolves/trading-api.md): hacklu-ctf 2021 --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://xenon-2.gitbook.io/writeups/ctf-writeups.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.