RE is a 40 point windows machine on HackTheBox that involves uploading an ods file with a malicious macro, abusing a winrar vulnerability and using UsoSVC together with metasploit’s incognito modul...

AI is a 30 point machine on HackTheBox that involves SQL injection via speech and abusing an exposed java debugging port. Notes SQL injection helper: #!/usr/bin/env python import subprocess im...

Player is a hard box, that we solved in unintended ways that are partly patched now. User & Root Enumerating subdomains we find: staging.player.htb, dev.player.htb, chat.player.htb. On dev....

Challenge “Weakened Keys” was an interesting crypto challenge on InfernoCTF. They gave us this to work with: Encrypted Test= '0mu0T97looX5/Oorw8ASGxfqMqrNoFajZupXrjtIAj7ECJdQXZzEmbEwdRV2J2MI' Te...

Challenge ABCDEFGHIJKLMNOPQRSTUVWXYZ ., AHTNTRZPBEMVVUGIKBZNEYN,IPAZPWEQZBROKYSAG, GLNSMIZPPNAGAUCLFRKJKHVCSTSZDSCJFMSBKMHMMRA,THANLDUULHG WDPVUQKNATYMRA THIS NEW ENCRYPTION METHOD IS EXCELLENT ...

Heist is an “easy” machine on HackTheBox, involving some enumeration (especially rpc) and some forensics (dumping firefox memory). User Flag Open Ports: 80/tcp open http 135/tcp open msrpc 44...

Safe is an “easy” machine on hackthebox, involving a simple buffer overflow and cracking a keepass file. User Flag We use ropstar, get a shell and the user flag. Root Flag Using keepass2john we...

I encountered a lot of pwn challenges recently, so I decided to automate a lot of it in ropstar. The tool basically solves simple linux bof challenges by using rop chains to bypass nx. It can also ...

Fortune is a 50 point machine on hackthebox.eu featuring OpenBSD. I was lucky enough to get first blood on this box thanks to my team at the time p0l1T3am and especially ykataky. Techniques require...

Craft is a medium difficulty box. User First we enumerate sub domains and find “https://gogs.craft.htb/”, where we find credentials in the commit history: “dinesh:4aUh0A8PbVJxgd”. In addition the...