> m4rt@CTF_ARCHIVE:~$

// SYSTEM_INFO — READ BEFORE PROCEEDING

Welcome to m4rthacks — a personal archive of CTF writeups, hacking notes, tools, and tips & tricks.

You'll find detailed walkthroughs of Capture The Flag challenges across categories like web exploitation, binary exploitation, cryptography, reverse engineering, forensics, and OSINT. Each writeup breaks down the thought process, the tools used, and the steps taken to get the flag.

Feel free to explore, learn, and hack responsibly.

WRITEUPS: 71

MACHINE WINDOWS
DIFFICULTY: MEDIUM

Hack The Box - SolarLab (Windows)

Anonymous SMB document leak exposes credentials, ReportLab PDF injection gives code execution, then credential pivoting through app/Openfire data leads to Administrator shell.

Hack The Box

MACHINE WINDOWS
DIFFICULTY: INSANE

Hack The Box — University (Windows)

RCE via ReportLab/CVE-2023-33733, pivot through internal lab with Ligolo, compromise WS-3, credential/hash reuse across domain users, then DCSync to Domain Admin.

Hack The Box

MACHINE LINUX
DIFFICULTY: EASY

Hack The Box — Alert (Linux)

Contact form SSRF/XSS chain to exfiltrate internal messages and LFI data, credential recovery from .htpasswd, SSH as albert, and root command execution through writable website-monitor config.

Hack The Box

MACHINE LINUX
DIFFICULTY: EASY

Hack The Box — Artificial (Linux)

TensorFlow model upload RCE for initial foothold, SQLite credential extraction and cracking to SSH as gael, then Backrest hook command execution to root.

Hack The Box

MACHINE LINUX
DIFFICULTY: MEDIUM

Hack The Box — Backfire (Linux)

Exposed Havoc config leaks operator creds, SSRF-to-RCE lands shell as ilya, HardHatC2 auth bypass gives command execution as sergej, and sudo iptables abuse writes root authorized_keys.

Hack The Box

MACHINE LINUX
DIFFICULTY: HARD

Hack The Box — BigBang (Linux)

BuddyForms insecure deserialization and filter-chain tricks leak WordPress secrets, CNEXT exploitation gives container RCE, credential reuse and Grafana DB cracking lead to developer, and command injection in the satellite API yields root.

Hack The Box

MACHINE LINUX
DIFFICULTY: HARD

Hack The Box — BlockBlock (Linux)

Admin JWT theft via reported XSS, Ethereum JSON-RPC data extraction for credentials, local escalation from keira to paul through forge misuse, and root via pacman hook abuse.

Hack The Box

MACHINE LINUX
DIFFICULTY: MEDIUM

Hack The Box — Cat (Linux)

Stored XSS steals admin session, SQLite injection writes web shell, credential reuse and log leakage pivot to axel, then Gitea XSS-driven repo theft reveals root credentials.

Hack The Box

MACHINE LINUX
DIFFICULTY: MEDIUM

Hack The Box — Checker (Linux)

TeamPass credential disclosure and BookStack blind SSRF/LFR expose SSH MFA secret, then a vulnerable root sudo binary is reversed and exploited through shared-memory tampering to command injection and root shell.

Hack The Box

MACHINE LINUX
DIFFICULTY: EASY

Hack The Box — Code (Linux)

Python code execution filter bypass leads to app shell, SQLite user hash cracking gives martin access, and path sanitization bypass in backy.sh reveals root data and SSH key.

Hack The Box

MACHINE LINUX
DIFFICULTY: EASY

Hack The Box — CodeTwo (Linux)

js2py sandbox escape (CVE-2024-28397) gives initial shell, SQLite hash extraction yields SSH credentials, and npbackup-cli raw restic abuse discloses root data and SSH key.

Hack The Box

MACHINE LINUX
DIFFICULTY: MEDIUM

Hack The Box — Cypher (Linux)

Neo4j Cypher injection leads to auth bypass and data exfiltration, a vulnerable custom APOC function gives command injection, and privileged BBOT module loading yields root.

Hack The Box