Operator
mitza / Tudor Mihai Alexandru
small CTF corner • notes by mitza
mitza's writeup stash
Hey, I'm Tudor Mihai Alexandru. This is just my relaxed blog where I drop writeups after solving challenges, mostly web stuff and whatever weird chain I run into.
Focus
Web exploitation, SSRF, SSTI, privilege escalation
Platform
Writeups
Mostly raw notes, but clean enough to reproduce the solve path.
REV
ELF
HASH-COLLISION
VM
burnt-out
Reversed a stripped game binary, abused hash-only reflection lookups, reconstructed action/predicate schema, and built a collision-based JSON script that reliably reaches the remote flag state.
Read Full Writeup
REV
ELF
RECURSION
MATH
Optimus Prime
Slow flag generator challenge. Reversed anti-debug checks, reconstructed recursive mixers, and solved it instantly with an offline memoized reimplementation.
Read Full Writeup
WEB
SSRF
SSTI
PRIVESC
Rocket
Fun chain: SSRF filter bypass, internal Flask blog pop via SSTI, RCE as low-priv user, then root through cron + logrotate + writable script.
Read Full Writeup