TMHCxHTB Matrix Madness
Challenge ABCDEFGHIJKLMNOPQRSTUVWXYZ ., AHTNTRZPBEMVVUGIKBZNEYN,IPAZPWEQZBROKYSAG, GLNSMIZPPNAGAUCLFRKJKHVCSTSZDSCJFMSBKMHMMRA,THANLDUULHG WDPVUQKNATYMRA THIS NEW ENCRYPTION METHOD IS EXCELLENT ...
Heist is an “easy” machine on HackTheBox, involving some enumeration (especially rpc) and some forensics (dumping firefox memory). User Flag Open Ports: 80/tcp open http 135/tcp open msrpc 44...
Safe is an “easy” machine on hackthebox, involving a simple buffer overflow and cracking a keepass file. User Flag We use ropstar, get a shell and the user flag. Root Flag Using keepass2john we...
I encountered a lot of pwn challenges recently, so I decided to automate a lot of it in ropstar. The tool basically solves simple linux bof challenges by using rop chains to bypass nx. It can also ...
Fortune is a 50 point machine on hackthebox.eu featuring OpenBSD. I was lucky enough to get first blood on this box thanks to my team at the time p0l1T3am and especially ykataky. Techniques require...
Craft is a medium difficulty box. User First we enumerate sub domains and find “https://gogs.craft.htb/”, where we find credentials in the commit history: “dinesh:4aUh0A8PbVJxgd”. In addition the...
This post is about hackback, a really interesting and challenging machine that was released on 23.02.19 on hackthebox.eu. Techniques used on this box are javascript deobfuscation, command injection...
Haystack is a 20 points machine on hackthebox, which in my opinion is not as easy as one might think. It involves some typical ctf steps for user and a nice privilege escalation which requires abus...
In this post I will walk through the process of creating a simple coverage-based fuzzer. The code of this project is available here. The general idea here is that you download the code and read ...
Writeup is a nice, medium difficulty machine on hackthebox, featuring the use of a publicly available sql injection exploit and a rather unique way to get root by using path poisoning. User Flag ...