small CTF corner • notes by mitza

mitza's writeup stash

Hey, I'm Tudor Mihai Alexandru. This is just my relaxed blog where I drop writeups after solving challenges, mostly web stuff and whatever weird chain I run into.

Open Writeups Cyber-EDU Profile

Operator

mitza / Tudor Mihai Alexandru

Focus

Web exploitation, SSRF, SSTI, privilege escalation

Platform

Cyber-EDU profile

Writeups

Mostly raw notes, but clean enough to reproduce the solve path.

WEB SSRF SSTI PRIVESC

Rocket

Fun chain: SSRF filter bypass, internal Flask blog pop via SSTI, RCE as low-priv user, then root through cron + logrotate + writable script.

Read Full Writeup