olawale-sec/ctf-writeups
GitHub: olawale-sec/ctf-writeups
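A security study-notes repository documenting solutions to CTF challenges on the TryHackMe and HackTheBox platforms, covering web exploitation, privilege escalation, forensics, and related areas.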
# 🏁 CTF Writeups
## 📊 TryHackMe Progress
**Completed learning paths:**
- ✅ SOC Level 1
- ✅ Pre-Security
- ✅ Cyber Defense
- 🔄 Jr Penetration Tester *(in progress)*
## 📁 Writeups Index
### TryHackMe Rooms
| Room | Category | Difficulty | Writeup |
|---|---|---|---|
| Blue | Network / Exploitation | Easy | [View](./rooms/thm-blue.md) |
| RootMe | Web / Privilege Escalation | Easy | [View](./rooms/thm-rootme.md) |
| OhSINT | OSINT | Easy | [View](./rooms/thm-ohsint.md) |
| Nmap | Recon | Easy | [View](./rooms/thm-nmap.md) |
| Pickle Rick | Web / CTF | Easy | [View](./rooms/thm-pickle-rick.md) |
### HackTheBox Machines
| Machine | OS | Difficulty | Writeup |
|---|---|---|---|
| Lame | Linux | Easy | [View](./rooms/htb-lame.md) |
| Jerry | Windows | Easy | [View](./rooms/htb-jerry.md) |
## 🔧 My Methodology
```
1. Reconnaissance
   └── nmap -sV -sC -oA scan
       gobuster dir -u http:// -w wordlist.txt
2. Enumeration
   └── Identify services, versions, open ports
       Look for CVEs, misconfigurations
3. Exploitation
   └── searchsploit
       msfconsole / manual exploit
4. Post-Exploitation
   └── Privilege escalation
       linpeas.sh / winpeas.exe
       Capture flags
5. Documentation
   └── Screenshot evidence
       Write structured report
```
## 🛠️ Tools Used
```
# Recon
nmap, gobuster, ffuf, nikto, theHarvester
# Exploitation
metasploit, burpsuite, sqlmap, hydra
# Post-Exploitation
linpeas, winpeas, pspy, mimikatz (lab only)
# Misc
john, hashcat, stegseek, binwalk, exiftool
```
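## ⚠️ Disclaimer
All challenges documented here are hosted on **authorized platforms** (TryHackMe, HackTheBox) designed for legal security practice. Never apply these techniques to any system without explicit written permission.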
*[tryhackme.com/p/brainbox0319](https://tryhackme.com/p/brainbox0319) · [olawale-sec.github.io](https://olawale-sec.github.io)*