// SYSTEM_INFO — READ BEFORE PROCEEDING

Welcome to m4rthacks — a personal archive of CTF writeups, hacking notes, tools, and tips & tricks.

You'll find detailed walkthroughs of Capture The Flag challenges across categories like web exploitation, binary exploitation, cryptography, reverse engineering, forensics, and OSINT. Each writeup breaks down the thought process, the tools used, and the steps taken to get the flag.

Feel free to explore, learn, and hack responsibly.

WRITEUPS: 87

MACHINE WINDOWS
DIFFICULTY: EASY

Hack The Box — Eighteen (Windows)

MSSQL impersonation and hash capture lead to web/admin and WinRM access, then BadSuccessor abuse with dMSA enables DCSync-style extraction of Administrator credentials.

MACHINE WINDOWS
DIFFICULTY: HARD

Hack The Box — DarkZero (Windows)

Initial AD foothold with provided credentials, MSSQL linked-server pivot to darkzero.ext, AD CS abuse and local privilege escalation to SYSTEM on DC02, then cross-forest unconstrained delegation abuse to compromise DC01 and obtain root.

MACHINE LINUX
DIFFICULTY: MEDIUM

Hack The Box — Browsed (Linux)

Malicious Chrome extension recon reveals an internal Gitea host, argument injection in a local routine runner yields RCE as larry, and Python bytecode injection in a sudo-allowed extension tool leads to root.

MACHINE LINUX
DIFFICULTY: MEDIUM

Hack The Box — Gavel (Linux)

SQL injection in inventory.php to recover credentials, admin rule RCE, then privilege escalation via gavel-util and PHP config abuse to root.

MACHINE LINUX
DIFFICULTY: MEDIUM

Hack The Box — Expressway (Linux)

IKE/IPsec enumeration reveals a valid group ID and PSK, cracking gives SSH access as ike, and sudo CVE-2025-32463 leads to root.

MACHINE LINUX
DIFFICULTY: MEDIUM

Hack The Box — Guardian (Linux)

IDOR in student chats reveals Gitea credentials, XLSX sheet-name XSS steals a lecturer session, notice-link admin browsing enables PHP filter-chain RCE, then hash cracking and sudo abuse lead to root.

MACHINE LINUX
DIFFICULTY: MEDIUM

Hack The Box — GiveBack (Linux)

WordPress (GiveWP) RCE, pivot in Kubernetes environment, secret extraction, SSH access as babywyrm, and root via runc CVE-2024-21626 through /opt/debug.

MACHINE LINUX
DIFFICULTY: MEDIUM

Hack The Box — Soulmate (Linux)

CrushFTP authentication bypass gives admin panel control, uploaded PHP web shell yields www-data, local credential discovery gives ben, and Erlang SSH CVE-2025-32433 leads to root.

MACHINE WINDOWS
DIFFICULTY: MEDIUM

Hack The Box — Signed (Windows)

MSSQL pivot from low-priv credentials, NTLM hash capture/cracking, Kerberos ticket forging for SQL privilege escalation, and NTLM reflection to WinRMS SYSTEM.

MACHINE LINUX
DIFFICULTY: EASY

Hack The Box — CodeTwo (Linux)

js2py sandbox escape (CVE-2024-28397) gives initial shell, SQLite hash extraction yields SSH credentials, and npbackup-cli raw restic abuse discloses root data and SSH key.

MACHINE LINUX
DIFFICULTY: MEDIUM

Hack The Box — Imagery (Linux)

Stored XSS steals an admin session, path traversal exposes source and hashes, command injection grants web shell, and charcol abuse leads to root.

MACHINE LINUX
DIFFICULTY: MEDIUM

Hack The Box — HackNet (Linux)

Django SSTI leaks user credentials, SSH access is obtained as mikey, file-based Django cache poisoning leads to sandy, and cracked GPG backup secrets lead to root.
