Unattended is a high difficulty machine on hackthebox, featuring manual sql injection, log poisoning and some guessing. User Flag Starting with a tcp port scan we get the following result: 80/tc...

Bastion is an easy 20 points machine on hackthebox. It is about mounting a .vhd file over the network, retrieving password hashes from backups (via SAM) and a privilege escalation that involves sto...

This short write-up is about Irked, a rather easy machine on hackthebox featuring an irc backdoor, some steganography and a simple abuse of a custom binary. User Flag The initial scan shows the f...

Kryptos is 50 points machine on hackthebox, involving some interesting techniques, like setting up a fake database and making the application use it, abusing a weak rc4 implementation, pivoting thr...

Redcross is a machine on hackthebox.eu, featuring sql injection, cookie reuse and a nice binary exploitation challenge, which I enjoyed a lot. User Flag Starting off with nmap we get the followin...

LaCasaDePapel is a rather easy machine on hackthebox.eu, featuring the use of php reflection, creating and signing of client certificates and the abuse of a cronjob. Unfortunately the box was very ...

Curling is one of the easier boxes on hackthebox.eu, featuring getting a shell on joomla via template editing, getting a password from an obfuscated file and exploiting an insecure curl script. Us...

Helpline is a really fun box on hackthebox.eu, which I was lucky enough to get system first blood on :) Weirdly enough I couldn’t get the user first blood – but more to that later. Root Flag Star...

Arkham was a surprisingly hard box for the 30 points that were awarded for it, as I was struggling quite a bit, especially for the user part. However in the end i enjoyed the box a lot because it f...

Frolic is a medium difficulty machine on hackthebox.eu, featuring a lot of CTF-ish language conversions, the usage of a public exploit for “playsms” and (simple) custom binary exploit. User Flag ...