RCE on 0xMesbaha

No .php, No Problem: Executing PHP Through Unexpected Paths

Thu, 30 Apr 2026 12:49:18 +0200

In a recent project i came across a file upload function which i really love to spend time understanding how it exactly works to ensure either it can be exploited or not. the interesting thing which makes me write this blog is the bypass idea which is not really common and btw i spent much time chatting with ai platforms to get suggestions and none of them directed me through this path to be honest it was 6 months ago so maybe it can now :“D

EGCERT-CTF JDBCLeak Exploit

Wed, 28 May 2025 12:49:18 +0200

JDBCLeak Leak was a challenge introducted in EGCERT CTF Finals 2025 under the category R&D , tbh i didn’t even look at the challenge during CTF Time , didn’t expect this category to introduce such good example of a real case code review challenge , however after reading the author’s blog here about the category and challenge i thought of trying it myself and create a POC for it to get rce reading /flag.txt , we got 3rd place btw :“D

Devzat Hackthebox writeup

Fri, 11 Mar 2022 00:45:12 +0900

In this Hackthebox we will get a user access through a command injection in a vhost , then will make port forwarding to find a service that will give us the password for another user who have access to some backups, in this backups we can find the source-code for a bot , the bot has 2 versions one of them is running locally and it has a command “file” which allows us to read any file on the sytsem we will make port forwarding one more time to read the root private key and login as root

Previse Hackthebox writeup

Thu, 27 Jan 2022 00:45:08 +0200

In this Writeup you will find walkthrough of the retired machine previse From Hackthebox