Blog | chjwoo

2025

HackTheBox TwoMillion Walkthrough

TwoMillion walkthrough focusing on exploiting an invite code generation mechanism and a command injection vulnerability to achieve Remote Code Execution (RCE) and privilege escalation to root using CVE-2023-0386.

c chjwoo
October 8, 2025
9 min read

Command Injection RCE Misconfiguration
HackTheBox BountyHunter Walkthrough

BountyHunter walkthrough focusing on exploiting an XXE vulnerability in a bug reporting form to achieve Remote Code Execution (RCE) and privilege escalation to root.

c chjwoo
February 16, 2025
10 min read

XXE Injection Web Exploitation
HackTheBox Cap Walkthrough

Cap is an easy Linux machine that runs an HTTP server with administrative functions including network capturing. Improper access control leads to Insecure Direct Object Reference (IDOR) allowing access to other users.

c chjwoo
February 9, 2025
6 min read

Digital Forensics IDOR Web Exploitation
HackTheBox Starting Point Writeups

This is a detailed write-up of all my HackTheBox Starting Point machines. I will update this post as I complete more machines.

c chjwoo
February 6, 2025
50 min read
17 subposts

HackTheBox Writeup

2021

Hackfest0x05 CTF Writeup

This is my writeup for the Hackfest0x05 CTF event.

c chjwoo
December 30, 2021
9 min read
2 subposts

CTF Writeup