> m4rt@CTF_ARCHIVE:~$

// SYSTEM_INFO — READ BEFORE PROCEEDING

Welcome to m4rthacks — a personal archive of CTF writeups, hacking notes, tools, and tips & tricks.

You'll find detailed walkthroughs of Capture The Flag challenges across categories like web exploitation, binary exploitation, cryptography, reverse engineering, forensics, and OSINT. Each writeup breaks down the thought process, the tools used, and the steps taken to get the flag.

Feel free to explore, learn, and hack responsibly.

WRITEUPS: 71

MACHINE LINUX
DIFFICULTY: MEDIUM

Hack The Box - Blurry (Linux)

ClearML artifact deserialization abuse grants shell as jippity, then writable model path and Python import hijack in evaluate_model lead to root.

Hack The Box

MACHINE LINUX
DIFFICULTY: EASY

Hack The Box - Boardlight (Linux)

VHost discovery leads to Dolibarr compromise via CVE-2023-30253 and root escalation through vulnerable Enlightenment SUID binaries.

Hack The Box

MACHINE LINUX
DIFFICULTY: HARD

Hack The Box - Caption (Linux)

Compromise through exposed GitBucket default root credentials and H2 RCE, pivot with SSH key reuse, then root via command injection in internal Logservice using crafted thrift request.

Hack The Box

MACHINE LINUX
DIFFICULTY: EASY

Hack The Box — Chemistry (Linux)

Initial access through a Pymatgen CIF parser RCE, lateral move to user rosa, then root via an aiohttp path traversal vulnerability.

Hack The Box

MACHINE LINUX
DIFFICULTY: EASY

Hack The Box - Editorial (Linux)

SSRF in file upload reaches internal API, leaked credentials enable SSH pivot, and GitPython CVE abuse in sudo script yields root.

Hack The Box

MACHINE LINUX
DIFFICULTY: EASY

Hack The Box — GreenHorn (Linux)

Pluck CMS credential recovery from exposed repository, authenticated ZIP upload RCE, lateral move to junior, and root access by depixeling a leaked password from a PDF image.

Hack The Box

MACHINE LINUX
DIFFICULTY: MEDIUM

Hack The Box — Instant (Linux)

APK analysis reveals admin JWT and API routes, then IDOR/LFI to steal shirohige SSH key and password recovery through DB hash + Solar-PuTTY credential decryption for root.

Hack The Box

MACHINE LINUX
DIFFICULTY: HARD

Hack The Box — Lantern (Linux)

Skipper Proxy SSRF to reach an internal Blazor app, credential recovery from decompiled DLLs, file write abuse to plant a malicious DLL, SSH pivot as tomas, and root escalation with procmon.

Hack The Box

MACHINE LINUX
DIFFICULTY: INSANE

Hack The Box - MagicGardens (Linux)

NoSQLi in search, SMTP user/password brute force against Docker registry, credential recovery from container data, and browser-automation attack surface research for later-stage compromise.

Hack The Box

MACHINE LINUX
DIFFICULTY: MEDIUM

Hack The Box - MonitorsThree (Linux)

SQL injection in password reset endpoint leaks credentials, Cacti package import arbitrary file write provides shell, pivot to marcus, then Duplicati auth bypass and pre-backup script execution for root in container.

Hack The Box

MACHINE LINUX
DIFFICULTY: EASY

Hack The Box - PermX (Linux)

Chamilo LMS exploitation via CVE-2023-4220 for initial access, credential reuse to SSH, and root escalation by abusing a vulnerable ACL helper script with symlink trickery.

Hack The Box

MACHINE LINUX
DIFFICULTY: HARD

Hack The Box — Resource (Linux)

File upload PHAR deserialization for initial RCE, credential harvesting from DB and HAR data, SSH certificate abuse across host boundaries, and CA private key brute-force via privileged signing script to root.

Hack The Box