// SYSTEM_INFO — READ BEFORE PROCEEDING
Welcome to m4rthacks — a personal archive of CTF writeups, hacking notes, tools, and tips & tricks.
You'll find detailed walkthroughs of Capture The Flag challenges across categories like web exploitation, binary exploitation, cryptography, reverse engineering, forensics, and OSINT. Each writeup breaks down the thought process, the tools used, and the steps taken to get the flag.
Feel free to explore, learn, and hack responsibly.
WRITEUPS: 79
Hack The Box — Blazorized (Windows)
JWT key recovery from client DLL, SQL injection to enable xp_cmdshell for foothold, AD abuse chain with WriteSPN and scripted logon path manipulation, then DCSync to Administrator.
Hack The Box - PermX (Linux)
Chamilo LMS exploitation via CVE-2023-4220 for initial access, credential reuse to SSH, and root escalation by abusing a vulnerable ACL helper script with symlink trickery.
Hack The Box - Editorial (Linux)
SSRF in file upload reaches internal API, leaked credentials enable SSH pivot, and GitPython CVE abuse in sudo script yields root.
Hack The Box - Blurry (Linux)
ClearML artifact deserialization abuse grants shell as jippity, then writable model path and Python import hijack in evaluate_model lead to root.
Hack The Box - Freelancer (Windows)
Web logic flaw leads to admin access, MSSQL xp_cmdshell gives shell, memory dump forensics leaks credentials, and RBCD path from lorra199 yields domain admin hash and final Administrator access.
Hack The Box - Boardlight (Linux)
VHost discovery leads to Dolibarr compromise via CVE-2023-30253 and root escalation through vulnerable Enlightenment SUID binaries.
Hack The Box - SolarLab (Windows)
Anonymous SMB document leak exposes credentials, ReportLab PDF injection gives code execution, then credential pivoting through app/Openfire data leads to Administrator shell.