> m4rt@CTF_ARCHIVE:~$

// SYSTEM_INFO — READ BEFORE PROCEEDING

Welcome to m4rthacks — a personal archive of CTF writeups, hacking notes, tools, and tips & tricks.

You'll find detailed walkthroughs of Capture The Flag challenges across categories like web exploitation, binary exploitation, cryptography, reverse engineering, forensics, and OSINT. Each writeup breaks down the thought process, the tools used, and the steps taken to get the flag.

Feel free to explore, learn, and hack responsibly.

WRITEUPS: 87

MACHINE LINUX
DIFFICULTY: EASY

Hack The Box — LinkVortex (Linux)

Ghost admin credential leak through exposed Git repository, arbitrary file read in Ghost 5.58.0, SSH access as bob, and root via sudo environment variable injection in clean_symlink.sh.

Hack The Box [READ MORE →]
MACHINE WINDOWS
DIFFICULTY: INSANE

Hack The Box — Ghost (Windows)

Multi-stage compromise from LDAP injection and Ghost API file read to container escape pathing, AD trust key extraction, cross-realm golden ticket forging, and final domain admin access.

Hack The Box [READ MORE →]
MACHINE LINUX
DIFFICULTY: HARD

Hack The Box — BlockBlock (Linux)

Admin JWT theft via reported XSS, Ethereum JSON-RPC data extraction for credentials, local escalation from keira to paul through forge misuse, and root via pacman hook abuse.

Hack The Box [READ MORE →]
MACHINE LINUX
DIFFICULTY: EASY

Hack The Box — Alert (Linux)

Contact form SSRF/XSS chain to exfiltrate internal messages and LFI data, credential recovery from .htpasswd, SSH as albert, and root command execution through writable website-monitor config.

Hack The Box [READ MORE →]
MACHINE WINDOWS
DIFFICULTY: MEDIUM

Hack The Box — Certified (Windows)

AD attack chain from initial domain creds, WriteOwner/WriteMembers abuse, shadow credentials, certificate abuse (ESC9), and final Administrator hash authentication.

Hack The Box [READ MORE →]
MACHINE LINUX
DIFFICULTY: EASY

Hack The Box — Chemistry (Linux)

Initial access through a Pymatgen CIF parser RCE, lateral move to user rosa, then root via an aiohttp path traversal vulnerability.

Hack The Box [READ MORE →]
MACHINE LINUX
DIFFICULTY: MEDIUM

Hack The Box — Instant (Linux)

APK analysis reveals admin JWT and API routes, then IDOR/LFI to steal shirohige SSH key and password recovery through DB hash + Solar-PuTTY credential decryption for root.

Hack The Box [READ MORE →]
MACHINE LINUX
DIFFICULTY: HARD

Hack The Box — Yummy (Linux)

LFI in iCalendar export, JWT/RSA weakness for admin access, SQLi in admin dashboard, then Mercurial hook abuse and rsync sudo misconfiguration to retrieve root SSH key.

Hack The Box [READ MORE →]
MACHINE WINDOWS
DIFFICULTY: EASY

Hack The Box — Cicada (Windows)

Anonymous SMB share discovery, password reuse across domain users, credential pivot to emily.oscars, then Backup Operators abuse with SeBackupPrivilege to read Administrator flag.

Hack The Box [READ MORE →]
MACHINE LINUX
DIFFICULTY: INSANE

Hack The Box - MagicGardens (Linux)

NoSQLi in search, SMTP user/password brute force against Docker registry, credential recovery from container data, and browser-automation attack surface research for later-stage compromise.

Hack The Box [READ MORE →]
MACHINE LINUX
DIFFICULTY: MEDIUM

Hack The Box - Trickster (Linux)

Initial foothold through PrestaShop CVE-2024-34716, credential extraction from database, pivot to james user, then container escape path via changedetection.io SSTI and reused root password.

Hack The Box [READ MORE →]
MACHINE LINUX
DIFFICULTY: HARD

Hack The Box - Caption (Linux)

Compromise through exposed GitBucket default root credentials and H2 RCE, pivot with SSH key reuse, then root via command injection in internal Logservice using crafted thrift request.

Hack The Box [READ MORE →]