Redcross is a machine on hackthebox.eu, featuring sql injection, cookie reuse and a nice binary exploitation challenge, which I enjoyed a lot. User Flag Starting off with nmap we get the followin...

LaCasaDePapel is a rather easy machine on hackthebox.eu, featuring the use of php reflection, creating and signing of client certificates and the abuse of a cronjob. Unfortunately the box was very ...

Curling is one of the easier boxes on hackthebox.eu, featuring getting a shell on joomla via template editing, getting a password from an obfuscated file and exploiting an insecure curl script. Us...

Helpline is a really fun box on hackthebox.eu, which I was lucky enough to get system first blood on :) Weirdly enough I couldn’t get the user first blood – but more to that later. Root Flag Star...

Arkham was a surprisingly hard box for the 30 points that were awarded for it, as I was struggling quite a bit, especially for the user part. However in the end i enjoyed the box a lot because it f...

Frolic is a medium difficulty machine on hackthebox.eu, featuring a lot of CTF-ish language conversions, the usage of a public exploit for “playsms” and (simple) custom binary exploit. User Flag ...

Carrier is a nice, medium difficulty machine on hackthebox.eu featuring information retrieval via snmp, command injection and bgp hijacking. The bgp hijacking part was a nice learning experience as...

Ethereal is a machine on hackthebox.eu that awards 50 points, the highest possible score/difficulty and requires some really fun techniques, teaching me several new things along the way. It feature...

This post is based on this article from google project zero. For more details please read their awesome post, I will just give a brief overview. Microsoft (R) Diagnostics Hub Standard Collector Se...

In this short writeup I will show how I completed Access on hackthebox.eu, a quite easy windows box that involves parsing credentials from ms office files, converting mail formats and accessing sav...