https://grok-rs.github.io/Personal blog for CTF writeups and security research 2026-04-12T22:08:15+00:00 grok-rs https://grok-rs.github.io/ Jekyll © 2026 grok-rs /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2025-12-26T00:00:00+00:00 2025-12-26T23:49:57+00:00 https://grok-rs.github.io/posts/tryhackme-pyrat/ grok-rs

Walkthrough of TryHackMe Pyrat - exploiting a Python-based RAT via arbitrary code execution, extracting credentials from Git history, and brute-forcing an admin endpoint for root access.

2025-12-26T00:00:00+00:00 2025-12-26T00:00:00+00:00 https://grok-rs.github.io/posts/tryhackme-lazyadmin/ grok-rs

Walkthrough of TryHackMe LazyAdmin - exploiting SweetRice CMS backup disclosure to obtain admin credentials, uploading a PHP webshell via the ads feature, and escalating to root through a writable shell script executed via sudo.

2025-12-26T00:00:00+00:00 2025-12-26T23:53:07+00:00 https://grok-rs.github.io/posts/tryhackme-b3dr0ck/ grok-rs

Walkthrough of TryHackMe B3dr0ck - exploiting TLS certificate services to obtain credentials, using sudo certutil for lateral movement, and decoding multi-layered encoded passwords for root access.

2025-12-19T00:00:00+00:00 2025-12-26T23:49:57+00:00 https://grok-rs.github.io/posts/tryhackme-dreaming/ grok-rs

A walkthrough of the Dreaming room on TryHackMe, exploiting Pluck CMS, command injection via MySQL, and Python library hijacking for privilege escalation.