> For the complete documentation index, see [llms.txt](https://lance-kenji.gitbook.io/me/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://lance-kenji.gitbook.io/me/nullcon-hackim-ctf-goa-2026-writeups/nullcon-hackim-ctf-goa-2026.md). # Nullcon HackIM CTF Goa 2026 Hi, I’m **mis4nthr0pia** from **team Lil:Pwny** — a full-stack web developer, cybersecurity enthusiast, and computer science student based in the Philippines. This GitBook contains my **Nullcon HackIM CTF Goa 2026** writeups, where I document how I approach challenges, identify vulnerabilities, and relate them to real-world security scenarios. It serves both as my personal knowledge base and as a way to give back to the CTF and infosec community. I’m particularly interested in **web security, offensive security, and exploitation techniques**, especially challenges that appear straightforward at first but reveal deeper complexity once you dig into the implementation. One of the most memorable challenges for me was **WordPress Static Site Generator**. While labeled as an *easy* web task, it required careful observation of error messages, understanding backend behavior, and creatively working around strict input constraints. By chaining a local file inclusion issue with server-side template processing, I was able to abuse the template engine to read sensitive server files. The challenge was a great reminder that even simple features—like template selection and file uploads—can become powerful attack vectors when validation and assumptions break down. *** ## 🛠 Technical Background Alongside CTFs, I have a strong programming background, which I actively use when solving challenges: * **Languages:** PHP, Python, JavaScript * **Frameworks & Patterns:** Django, MVC-based architectures * **Tools & Practices:** Linux, scripting, automation, basic pentesting workflows This mix of **development and security** helps me understand both how systems are built and how they break — which is a perspective I try to reflect in every writeup. *** ## 📚 What You’ll Find Here * Step-by-step CTF solutions * Vulnerability analysis and root-cause explanations * Payload construction and exploitation logic * Lessons learned and alternative attack paths Feel free to explore, learn, and adapt anything useful for your own journey. *** ## 🧑‍💻 Socials TikTok: [https://tiktok.com/@mis4nthrop1a](http://tiktok.com/@mis4nthrop1a) YouTube: LinkedIn: [https://linkedin.com/in/lancekenjiparce/](http://linkedin.com/in/lancekenjiparce/) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://lance-kenji.gitbook.io/me/nullcon-hackim-ctf-goa-2026-writeups/nullcon-hackim-ctf-goa-2026.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.