// SYSTEM_INFO — READ BEFORE PROCEEDING
Welcome to m4rthacks — a personal archive of CTF writeups, hacking notes, tools, and tips & tricks.
You'll find detailed walkthroughs of Capture The Flag challenges across categories like web exploitation, binary exploitation, cryptography, reverse engineering, forensics, and OSINT. Each writeup breaks down the thought process, the tools used, and the steps taken to get the flag.
Feel free to explore, learn, and hack responsibly.
WRITEUPS: 79
Hack The Box — Artificial (Linux)
TensorFlow model upload RCE for initial foothold, SQLite credential extraction and cracking to SSH as gael, then Backrest hook command execution to root.
Hack The Box — DarkCorp (Windows)
Roundcube XSS and dashboard SQL injection expose internal secrets, PostgreSQL command execution provides container foothold and AD pivoting, relay and AD CS abuse compromise WEB-01, and GPO abuse from delegated admin rights leads to domain administrator access.
Hack The Box — TombWatcher (Windows)
Kerberoasting and delegated AD abuse to pivot across users, tombstone reanimation to recover cert_admin, then ESC15 certificate abuse to gain Domain Admin and root.
Hack The Box — Certificate (Windows)
Bypass file-upload filtering with a concatenated ZIP polyglot to gain PHP RCE, extract webapp credentials and crack domain user hashes, then abuse ADCS ESC3 to impersonate DC01$ and compromise Administrator.
Hack The Box — Puppy (Windows)
AD graph abuse from provided credentials to access DEV share and KeePass secrets, multi-user password control pivots, and DPAPI credential decryption to reach steph.cooper_adm and root.
Hack The Box — Fluffy (Windows)
Initial domain foothold from provided credentials, credential capture via CVE-2025-24071 lure, Shadow Credentials on service accounts, and final ADCS abuse to authenticate as Administrator.
Hack The Box — Planning (Linux)
Grafana CVE-2024-9264 exploitation for container foothold, credential recovery from Grafana and cron artifacts, and root compromise via exposed cron management interface.
Hack The Box — Environment (Linux)
Laravel auth bypass to preprod session, file upload extension bypass for RCE, credential recovery from SQLite and GPG vault, and root escalation via sudo BASH_ENV abuse in systeminfo wrapper.
Hack The Box — Eureka (Linux)
Spring Boot actuator heapdump leaks Eureka and user credentials, then service-registration abuse captures miranda login traffic and a log parser command injection yields root.
Hack The Box — TheFrizz (Windows)
Gibbon v25.0.00 unauthenticated RCE gives web access, database hash cracking leads to domain credentials, Kerberos SSH access exposes recoverable artifacts, and GPO abuse grants local admin rights for full compromise.
Hack The Box — Nocturnal (Linux)
Insecure file access in view.php leaks internal document credentials, admin backup functionality exposes source and DB hashes, then ISPConfig CVE-2023-46818 leads to root.
Hack The Box — University (Windows)
RCE via ReportLab/CVE-2023-33733, pivot through internal lab with Ligolo, compromise WS-3, credential/hash reuse across domain users, then DCSync to Domain Admin.