Welcome to m4rthacks — a personal archive of CTF writeups, hacking notes, tools, and tips & tricks.
You'll find detailed walkthroughs of Capture The Flag challenges across categories like web exploitation, binary exploitation, cryptography, reverse engineering, forensics, and OSINT. Each writeup breaks down the thought process, the tools used, and the steps taken to get the flag.
Feel free to explore, learn, and hack responsibly.
WRITEUPS: 87
Hack The Box — Puppy (Windows)
AD graph abuse from provided credentials to access DEV share and KeePass secrets, multi-user password control pivots, and DPAPI credential decryption to reach steph.cooper_adm and root.
Hack The Box — Fluffy (Windows)
Initial domain foothold from provided credentials, credential capture via CVE-2025-24071 lure, Shadow Credentials on service accounts, and final ADCS abuse to authenticate as Administrator.
Hack The Box — Planning (Linux)
Grafana CVE-2024-9264 exploitation for container foothold, credential recovery from Grafana and cron artifacts, and root compromise via exposed cron management interface.
Hack The Box — Environment (Linux)
Laravel auth bypass to preprod session, file upload extension bypass for RCE, credential recovery from SQLite and GPG vault, and root escalation via sudo BASH_ENV abuse in systeminfo wrapper.
Hack The Box — Eureka (Linux)
Spring Boot actuator heapdump leaks Eureka and user credentials, then service-registration abuse captures miranda login traffic and a log parser command injection yields root.
Hack The Box — TheFrizz (Windows)
Gibbon v25.0.00 unauthenticated RCE gives web access, database hash cracking leads to domain credentials, Kerberos SSH access exposes recoverable artifacts, and GPO abuse grants local admin rights for full compromise.
Hack The Box — Nocturnal (Linux)
Insecure file access in view.php leaks internal document credentials, admin backup functionality exposes source and DB hashes, then ISPConfig CVE-2023-46818 leads to root.
Hack The Box — University (Windows)
RCE via ReportLab/CVE-2023-33733, pivot through internal lab with Ligolo, compromise WS-3, credential/hash reuse across domain users, then DCSync to Domain Admin.
Hack The Box — Code (Linux)
Python code execution filter bypass leads to app shell, SQLite user hash cracking gives martin access, and path sanitization bypass in backy.sh reveals root data and SSH key.
Hack The Box — Cypher (Linux)
Neo4j Cypher injection leads to auth bypass and data exfiltration, a vulnerable custom APOC function gives command injection, and privileged BBOT module loading yields root.
Hack The Box — Scepter (Windows)
NFS certificate discovery and ADCS abuse chain from d.baker to h.brown, ACL and altSecurityIdentities mapping to compromise p.adams, then DCSync to Administrator.
Hack The Box — Dog (Linux)
Exposed Backdrop CMS source reveals credentials, module upload abuse gives web RCE, and sudo access to `bee` allows direct PHP command execution to root.