diff --git a/2023_huntress_ctf/operation_eradication/writeup.md b/2023_huntress_ctf/operation_eradication/writeup.md index 69955a1..5e2f32e 100644 --- a/2023_huntress_ctf/operation_eradication/writeup.md +++ b/2023_huntress_ctf/operation_eradication/writeup.md @@ -7,15 +7,16 @@ Oh no! A ransomware operator encrypted an environment, and exfiltrated data that Luckily, we found what looks like a configuration file, that seems to have credentials to the actor's storage server... but it doesn't seem to work. Can you get onto their server and delete all the data they stole!? with that you get some credentials: +``` type = webdav url = http://localhost/webdav vendor = other user = VAHycYhK2aw9TNFGSpMf1b_2ZNnZuANcI8-26awGLYkwRzJwP_buNsZ1eQwRkmjQmVzxMe5r pass = HOUg3Z2KV2xlQpUfj6CYLLqCspvexpRXU9v8EGBFHq543ySEoZE9YSdH7t8je5rWfBIIMS-5 - +``` ## how to solve -1. the credentials are for rclone +the credentials are for rclone ```bash # get the path to rclone config @@ -38,4 +39,7 @@ cat php-reverse-shell.php # now on the server with netcat a shell should pop up # the flag is in /var/www/html/index.php -``` \ No newline at end of file +``` + +## resources +https://rclone.org/docs/
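Review bot: In the first hunk (@@ -7,15 +7,16 @@), the added opening fence is bare, while the shell block further down is tagged bash. The fenced lines are key = value rclone config, so tagging the fence ini would keep the file consistent and give it highlighting. The closing fence also takes the place of the blank line that used to separate the credentials from "## how to solve", so the heading now sits directly under the fence. Keep one blank line between them.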
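Review bot: In the second hunk (@@ -38,4 +39,7 @@), the new "## resources" section puts a bare URL directly under the heading with no blank line and no link text. Add the blank line and make it a list item such as "- [rclone docs](https://rclone.org/docs/)" so further references can be appended. Since the config shown in this writeup uses type = webdav, a link to the rclone WebDAV backend page (https://rclone.org/webdav/) would be more useful to a reader than the general docs index alone.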