PWN

Event: b01lers CTF 2026 Category: pwn Challenge: pwn/throughthewall Files: bzImage, initramfs.cpio.gz, start.sh Remote: ncat --ssl throughthewall.opus4-7.b01le.rs 8443 Flag: bctf{spray_those_dirty_pipes} This challenge was a kernel pwn packaged as a bootable QEMU image. The archive gave a kernel, an initramfs, and a launcher script. The remote service wrapped the same VM behind TLS and a proof-of-work gate, then dropped us into a BusyBox shell as the unprivileged ctf user. The only real goal was to turn that shell into root and read /flag.txt.