# 🔐 Penetration Testing & CTF Writeup Collection
From reconnaissance to root — documented step by step.

## 📖 About This Repository
Hello World! I'm **franlrs** — a cybersecurity enthusiast documenting my hands-on journey through CTF machines and penetration testing labs. Each writeup covers the **complete exploitation chain**: reconnaissance → enumeration → exploitation → privilege escalation, with detailed explanations of every technique and tool used.
All writeups are also published on my personal site with a better reading experience — check it out at **[portfolio.franlrs.blog](https://portfolio.franlrs.blog/writeups)**.
## 🐳 DockerLabs
| # | Machine | Difficulty | Key Techniques | Writeup |
|---|---------|-----------|----------------|---------|
| 01 | 🩸 **BigWear** |  | CVE-2025-34077 · Auth Bypass · RCE · PrivEsc | [Writeup](https://portfolio.franlrs.blog/writeups/dockerlabs/bigwear) |
| 02 | 💼 **BigWork** |  | — | [Writeup](https://portfolio.franlrs.blog/writeups/dockerlabs/bigwork) |
| 03 | 🏜️ **Duque** |  | — | [Writeup](https://portfolio.franlrs.blog/writeups/dockerlabs/duque) |
| 04 | 🌳 **Tproot** |  | — | [Writeup](https://portfolio.franlrs.blog/writeups/dockerlabs/tproot) |
| 05 | 🎒 **Trailpack** |  | — | [Writeup](https://portfolio.franlrs.blog/writeups/dockerlabs/trailpack) |
## 📦 Hack The Box
| # | Machine | Difficulty | Key Techniques | Writeup |
|---|---------|-----------|----------------|---------|
| 01 | 📅 **Appointment** |  | SQL Injection | [Writeup](https://portfolio.franlrs.blog/writeups/hackthebox/appointment) |
| 02 | 🐊 **Crocodile** |  | FTP Anon · Directory Brute | [Writeup](https://portfolio.franlrs.blog/writeups/hackthebox/crocodile) |
| 03 | 💃 **Dancing** |  | SMB Enumeration | [Writeup](https://portfolio.franlrs.blog/writeups/hackthebox/dancing) |
| 04 | 🦌 **Fawn** |  | FTP Anonymous Login | [Writeup](https://portfolio.franlrs.blog/writeups/hackthebox/fawn) |
| 05 | 🐱 **Meow** |  | Telnet · Default Credentials | [Writeup](https://portfolio.franlrs.blog/writeups/hackthebox/meow) |
| 06 | ☠️ **Redeemer** |  | Redis Enumeration | [Writeup](https://portfolio.franlrs.blog/writeups/hackthebox/redeemer) |
| 07 | 📡 **Responder** |  | LLMNR Poisoning · Hash Crack | [Writeup](https://portfolio.franlrs.blog/writeups/hackthebox/responder) |
| 08 | 🗃️ **Sequel** |  | MariaDB · SQL Enum | [Writeup](https://portfolio.franlrs.blog/writeups/hackthebox/sequel) |
| 09 | 3️⃣ **Three** |  | AWS S3 · Subdomain Enum | [Writeup](https://portfolio.franlrs.blog/writeups/hackthebox/three) |
## 🔴 TryHackMe
| # | Machine | Difficulty | Key Techniques | Writeup |
|---|---------|-----------|----------------|---------|
| 01 | 🏘️ **Neighbour** |  | IDOR · Access Control | [Writeup](https://portfolio.franlrs.blog/writeups/tryhackme/neighbour) |
## 🛠️ Tools & Methodology
| Category | Tools |
|----------|-------|
| 🔍 **Recon** | `nmap` `masscan` `whois` `dig` |
| 🗺️ **Enumeration** | `gobuster` `ffuf` `wpscan` `nikto` `enum4linux` |
| 💣 **Exploitation** | `metasploit` `burpsuite` `sqlmap` `hydra` |
| 🐚 **Shells** | `netcat` `socat` `revshells.com` |
| 📈 **PrivEsc** | `linpeas` `pspy` `gtfobins` `sudo -l` |
| 🔑 **Cracking** | `john` `hashcat` `rockyou.txt` |
## 📊 Stats
| Platform | Machines | Easy | Medium | Hard |
|----------|----------|------|--------|------|
| 🐳 DockerLabs | 5 | 3 | 2 | 0 |
| 📦 Hack The Box | 9 | 9 | 0 | 0 |
| 🔴 TryHackMe | 1 | 1 | 0 | 0 |
| **Total** | **15** | **13** | **2** | **0** |
## 🔗 Links
[portfolio.franlrs.blog/writeups](https://portfolio.franlrs.blog/writeups)