DEV Community

Sean Lee
Sean Lee

Posted on

TryHackMe Hackfinity Battle Writeups

#cybersecurity #ctf #learning #productivity

This Google Drive link contains all the writeups I could compile from solving various CTF challenges. Unfortunately, I wasn’t aware that TryHackMe deletes rooms after the event ends, so I can only recreate some of the writeups from memory. On the bright side, I managed to take enough screenshots for a few challenges, allowing me to explain those in detail.

The rooms I completed are as follows (what I remembered enough to do complete writeups with):

  • All 3 OSINT challenges (2 easy, 1 medium)
  • Sneaky Patch, investigating a backdoor (easy)
  • Stolen Mount, recovering hijacked NFS file (easy)
  • Sequel Dump, investigating SQLMap attack and recover the data from it (hard)

There are a few cryptography ones that I did but did not save any details of it.

There is one Boot2Root challenge that I just can't establish a PHP reverse shell with, for the ones who joined the competition you know what I am talking about. Do share with me how you did it if you actually pwned the machine, I would really appreciate it.

profile
ACI.dev
 Promoted

ACI image

ACI.dev: Best Open-Source Composio Alternative (AI Agent Tooling)

100% open-source tool-use platform (backend, dev portal, integration library, SDK/MCP) that connects your AI agents to 600+ tools with multi-tenant auth, granular permissions, and access through direct function calling or a unified MCP server.

Star our GitHub!

Top comments (0)

profile
ACI.dev
 Promoted

ACI image

ACI.dev: The Only MCP Server Your AI Agents Need

ACI.dev’s open-source tool-use platform and Unified MCP Server turns 600+ functions into two simple MCP tools on one server—search and execute. Comes with multi-tenant auth and natural-language permission scopes. 100% open-source under Apache 2.0.

Star our GitHub!