// SYSTEM_INFO — READ BEFORE PROCEEDING
Welcome to m4rthacks — a personal archive of CTF writeups, hacking notes, tools, and tips & tricks.
You'll find detailed walkthroughs of Capture The Flag challenges across categories like web exploitation, binary exploitation, cryptography, reverse engineering, forensics, and OSINT. Each writeup breaks down the thought process, the tools used, and the steps taken to get the flag.
Feel free to explore, learn, and hack responsibly.
WRITEUPS: 79
Hack The Box — Cicada (Windows)
Anonymous SMB share discovery, password reuse across domain users, credential pivot to emily.oscars, then Backup Operators abuse with SeBackupPrivilege to read Administrator flag.
Hack The Box - MagicGardens (Linux)
NoSQLi in search, SMTP user/password brute force against Docker registry, credential recovery from container data, and browser-automation attack surface research for later-stage compromise.
Hack The Box - Trickster (Linux)
Initial foothold through PrestaShop CVE-2024-34716, credential extraction from database, pivot to james user, then container escape path via changedetection.io SSTI and reused root password.
Hack The Box - Caption (Linux)
Compromise through exposed GitBucket default root credentials and H2 RCE, pivot with SSH key reuse, then root via command injection in internal Logservice using crafted thrift request.
Hack The Box - MonitorsThree (Linux)
SQL injection in password reset endpoint leaks credentials, Cacti package import arbitrary file write provides shell, pivot to marcus, then Duplicati auth bypass and pre-backup script execution for root in container.
Hack The Box - Sightless (Linux)
SQLPad SSTI leads to container root shell, credential cracking yields michael access, browser automation credential theft for Froxlor admin, and command execution via PHP-FPM restart command to root.
Hack The Box — Sea (Linux)
Contact form browser callback abuse, WonderCMS XSS-to-RCE, credential recovery from config hash, SSH pivot, and command injection in an internal analysis feature to read root flag.
Hack The Box — Compiled (Windows)
Abuse of insecure Git clone automation through submodule hook RCE for initial access, credential extraction from Gitea DB, WinRM access as emily, and local privilege escalation via CVE-2024-20656 to SYSTEM.
Hack The Box — GreenHorn (Linux)
Pluck CMS credential recovery from exposed repository, authenticated ZIP upload RCE, lateral move to junior, and root access by depixeling a leaked password from a PDF image.
Hack The Box — Lantern (Linux)
Skipper Proxy SSRF to reach an internal Blazor app, credential recovery from decompiled DLLs, file write abuse to plant a malicious DLL, SSH pivot as tomas, and root escalation with procmon.
Hack The Box — Resource (Linux)
File upload PHAR deserialization for initial RCE, credential harvesting from DB and HAR data, SSH certificate abuse across host boundaries, and CA private key brute-force via privileged signing script to root.
Hack The Box - Axlle (Windows)
Malicious Excel XLL delivery through internal mail yields foothold, phishing-style HTA/URL pivot gives domain user shell, BloodHound abuse of ForceChangePassword enables lateral movement, and StandaloneRunner writable path abuse escalates to Administrator.