HTB: DevArea Writeup
DevArea is a Medium-difficulty Linux machine released as part of HTB season 10.
HTB: Kobold Writeup
Kobold is a Easy-difficulty Linux machine released as part of HTB season 10.
HTB: CCTV Writeup
CCTV is a Easy-difficulty Linux machine released as part of HTB season 10.
HTB: Pirate Writeup
Pirate is a Hard-difficulty Windows machine released as part of HTB Season 10. Exploit Pre-Windows 2000 machine accounts, dump gMSA hashes, pivot through internal networks, and chain RBCD relay with SPN injection to achieve full Domain Admin.
HTB: Interpreter Writeup
Interpreter is a Medium-difficulty Linux machine released as part of HTB season 10.
HTB: Pterodactyl Writeup
Pterodactyl is a Medium-difficulty Linux machine released as part of HTB season 10.
HTB: WingData Writeup
WingData is a Easy-difficulty Linux machine released as part of HTB season 10.
HTB: Facts Writeup
Facts is a Easy-difficulty Linux machine released as part of HTB season 10.
2025 Cyber Apocalypse: Crypto Traces
Exploit AES-CTR mode vulnerability in a custom IRC-like server with reused counter initialization
2025 Cyber Apocalypse: Silent Trap
Analyze compromised system through network traffic and memory forensics to uncover malware deployment and credential theft
2025 Cyber Apocalypse: Stealth Invasion
Analyze memory dump of compromised Linux system to uncover malicious Chrome extension and credential theft
2025 Cyber Apocalypse: Arcane Auctions
Identify and exploit secure coding vulnerabilities in a web application
2025 Cyber Apocalypse: Web Cyber Attack
Exploit path traversal vulnerability in a PHP web application to extract the flag
HTB: code Writeup
code is a Easy-difficulty Linux machine from HackTheBox.
HTB: EscapeTwo Writeup
EscapeTwo is an Easy-difficulty Windows Active Directory machine from HackTheBox featuring SMB enumeration, credential extraction from Excel files, SQL Server exploitation, and Kerberos abuse.
2024 Hack The Boo: Ghostly Persistence
Analyze Windows event logs to uncover two-part flag hidden in PowerShell command execution and log artifacts
2024 Hack The Boo: TerrorFryer
Reverse engineer a binary that uses Fisher-Yates shuffling to find the original input string
2024 Hack The Boo: Practice
Reverse engineer encoded strings from JavaScript code to extract hidden data
2024 Hack The Boo: Cursed Stale Policy
Exploit stale cache policy vulnerabilities in a web application with Content Security Policy analysis
2024 Hack The Boo: Waywitch
Exploit JWT authentication bypass and token manipulation in a Node.js web application
HTB: inflitrator Writeup
inflitrator is a Hard-difficulty Windows machine from HackTheBox.
HTB: PermX Writeup
PermX is an Easy-difficulty Linux machine from HackTheBox.
HTB: blazorized Writeup
blazorized is a Hard-difficulty Windows domain controller machine from HackTheBox.
HTB: axlle Writeup
axlle is a Hard-difficulty Windows machine from HackTheBox.
HTB: editorial Writeup
editorial is an Easy-difficulty Linux machine from HackTheBox featuring SSRF vulnerability and GitPython RCE.
HTB: blurry Writeup
blurry is a Medium-difficulty Linux machine from HackTheBox.
HTB: freelancer Writeup
freelancer is a Hard-difficulty Windows machine from HackTheBox.
HTB: boardlight Writeup
boardlight is an Easy-difficulty Linux machine from HackTheBox featuring Dolibarr ERP/CRM exploitation.
2024 Business CTF - Vault of Hope: Recruitment
Smart contract challenge requiring multi-step validation including hacking skills, stealth, engineering, and demolition expertise
2024 Business CTF - Vault of Hope: Exciting Outpost Recon
Cryptography challenge using known plaintext attack to break XOR-based encryption with SHA-256 key derivation
2024 Business CTF - Vault of Hope: Protrude
AWS IAM and cloud security challenge involving credential enumeration and permission analysis
2024 Business CTF - Vault of Hope: Scurried
AWS IAM role ARN extraction challenge using role ID to construct proper ARN format
2024 Business CTF - Vault of Hope: Submerged
Full penetration test of web server with SPIP CMS exploitation, leading to initial access and system compromise
2024 Business CTF - Vault of Hope: Caving
Windows forensics challenge analyzing PowerShell logs and obfuscated scripts to detect intrusion attempts
2024 Business CTF - Vault of Hope: Survivor
Full penetration test of Ubuntu web server with SSH and HTTP services
2024 Business CTF - Vault of Hope: Swarm
Full penetration test with multi-service enumeration including SSH and HTTP on multiple ports
2024 Business CTF - Vault of Hope: Sneak Peak
ICS/SCADA challenge involving Modbus protocol communication with industrial control systems
2024 Business CTF - Vault of Hope: Rev FlagCasino
Binary reverse engineering challenge involving libc random number prediction and brute-force seed discovery
HTB: magicgarden Writeup
magicgarden is a Insane-difficulty Linux machine from HackTheBox.
HTB: solarlab Writeup
solarlab is a Medium-difficulty Windows machine featuring SMB enumeration, credential extraction from Excel files, ReportHub web application exploitation, and CVE-2023-33733 (ReportLab RCE).
HTB: mailing Writeup
mailing is a Easy-difficulty Windows machine from HackTheBox.
HTB: Intuition Writeup
Intuition is a Hard-difficulty Linux machine from HackTheBox.
HTB: usage Writeup
usage is a Easy-difficulty Linux machine from HackTheBox.
HTB: iClean Writeup
iClean (Capiclean) is a Medium-difficulty Linux machine featuring Flask SSTI exploitation and JWT-based authentication bypass.
HTB: mist Writeup
mist is a Insane-difficulty Windows machine from HackTheBox.
HTB: wifinetictwo Writeup
wifinetictwo is a Medium-difficulty Linux machine featuring OpenPLC Runtime exploitation and WiFi security attacks.
2024 Cyber Apocalypse: Dynasty
Reverse a custom Caesar cipher variant with position-dependent shift
2024 Cyber Apocalypse: Blunt
Exploit weak Diffie-Hellman with small parameters to recover shared secret and decrypt AES-CBC ciphertext
2024 Cyber Apocalypse: Russian Roulette
Exploit a weak Diffie-Hellman key exchange with small prime modulus
2024 Cyber Apocalypse: Iced Tea
Identify TEA cipher from DELTA constant and decrypt ECB-mode ciphertext with known key
2024 Cyber Apocalypse: Permuted
Break Diffie-Hellman over permutation groups using DLP algorithm on permutation cycles
2024 Cyber Apocalypse: Makeshift
Reverse a trivial string transformation: reverse flag then rearrange groups of three
2024 Cyber Apocalypse: Primary Knowledge
Exploit RSA implementation using prime modulus instead of semiprime
2024 Cyber Apocalypse: Data Siege
Exploit ActiveMQ vulnerability, extract .NET malware, decrypt C2 communications, and recover multi-part flag
2024 Cyber Apocalypse: Phreaky
Analyze PCAP to detect SMTP exfiltration and reconstruct PDF from parts
2024 Cyber Apocalypse: Confinement
Analyze disk image to extract and decrypt ransomware, then decrypt encrypted files
2024 Cyber Apocalypse: An Unusual Sighting
Extract flag from HTML content hidden in email file
2024 Cyber Apocalypse: Fake Boost
Extract obfuscated PowerShell from PCAP, deobfuscate, decrypt AES payload, and recover flag parts
2024 Cyber Apocalypse: Game Invitation
Analyze malicious DOCM file, extract XOR-encrypted payload, decrypt JavaScript layers, and recover C2 beacon
2024 Cyber Apocalypse: Oblique Final
Analyze memory dump with Volatility and extract artifacts from system state
2024 Cyber Apocalypse: Pursue The Tracks
Analyze MFT records to answer forensic questions about file activity
2024 Cyber Apocalypse: Urgent
Decode base64 email attachments and URL-decode payloads to uncover phishing attack details
2024 Cyber Apocalypse: Character
Automate character-by-character flag extraction from server using socket programming
2024 Cyber Apocalypse: Hardware Rids
Interface with W25Q128 flash memory via SPI to read flag from device
2024 Cyber Apocalypse: Cubicle Riddle
Construct Python bytecode to find min/max values and answer the cube's riddle
2024 Cyber Apocalypse: Stop Drop and Roll
Script game responses to survive The Fray video game challenge
2024 Cyber Apocalypse: Unbreakable
Bypass blacklist filters in Python eval() to read the flag
2024 Cyber Apocalypse: Delulu
Exploit format string vulnerability to overwrite target variable
2024 Cyber Apocalypse: Pwn Tutorial
Answer integer overflow questions to retrieve the flag
2024 Cyber Apocalypse: Writing on the Wall
Exploit off-by-one vulnerability and strcmp null byte behavior
2024 Cyber Apocalypse: BoxCutter
Use strace to identify file access attempts and retrieve the flag
2024 Cyber Apocalypse: Crushing
Reverse engineer a compression algorithm and decode serialized data
2024 Cyber Apocalypse: Testimonial
Exploit gRPC path traversal to overwrite application files
2024 Cyber Apocalypse: TimeKORP
Exploit command injection in time-based functionality
2024 Cyber Apocalypse: KorpTerminal
Exploit SQL injection to retrieve credentials and login
2024 Cyber Apocalypse: PackedAway
Unpack UPX-compressed executable to reveal hidden strings and flag
2024 Cyber Apocalypse: Labyrinth Linguist
Exploit Apache Velocity Server-Side Template Injection (SSTI)
2024 Cyber Apocalypse: LockTalk
Exploit JWT vulnerabilities in python-jwt version 3.3.3
2024 Cyber Apocalypse: SerialFlow
Exploit memcached injection and Python pickle deserialization for RCE
2024 Cyber Apocalypse: Web SerialFlow
Exploit serialization vulnerabilities to achieve RCE through pickle deserialization
HTB: formulax Writeup
formulax is a Hard-difficulty Linux machine from HackTheBox.
HTB: Perfection Writeup
Perfection is an Easy-difficulty Linux machine from HackTheBox featuring Server-Side Template Injection (SSTI) in a Ruby web application.
HTB: crafty Writeup
crafty is a Easy-difficulty Windows machine from HackTheBox.
HTB: skyfall Writeup
skyfall is an Insane-difficulty Linux machine from HackTheBox featuring CVE-2023-28432 (Minio info disclosure), HashiCorp Vault integration, and advanced privilege escalation techniques.
HTB: pov Writeup
pov is a Medium-difficulty Windows machine from HackTheBox.
HTB: analysis Writeup
analysis is a Hard-difficulty Windows machine from HackTheBox.
HTB: monitored Writeup
monitored is a Medium-difficulty Linux machine from HackTheBox.
HTB: bizness Writeup
bizness is a Easy-difficulty Linux machine from HackTheBox.
HTB: corporate Writeup
corporate is a Insane-difficulty Linux machine from HackTheBox.
HTB: Surveillance Writeup
Surveillance is a Medium-difficulty Linux machine from HackTheBox featuring Craft CMS and ZoneMinder exploitation.
HTB: devvortex Writeup
devvortex is an Easy-difficulty Linux machine from HackTheBox. Exploitation involves Joomla vulnerability discovery, credential extraction, and privilege escalation via apport-cli pager escape.
HTB: hospital Writeup
hospital is a Medium-difficulty Windows machine from HackTheBox.
HTB Hack The Boo Practice: Hexoding64
Decode a flag split between hex and base64 encoding
HTB Hack The Boo Practice: SPG
Reverse engineer a password generator to decrypt an encrypted flag
HTB Hack The Boo Practice: yesnce
Exploit AES-CTR mode with predictable counter and key recovery
HTB Hack The Boo Practice: Candyvault
NoSQL injection in login form to bypass authentication
HTB Hack The Boo Practice: Web Pumpkinspice
Command injection vulnerability in localhost-restricted endpoint
HTB Hack The Boo Practice: Web Spellbound Servants
Pickle deserialization exploitation for remote code execution
HTB Hack The Boo Practice: Web Spooktastic
XSS via filter bypass using noembed tag
HTB Hack The Boo Practice: Web Candyvault
NoSQL injection in authentication bypass with MongoDB
HTB: napper Writeup
napper is a Hard-difficulty Windows machine from HackTheBox.
HTB Hack The Boo 2023: Rev Spellbrewery
.NET binary reverse engineering challenge
HTB Hack The Boo 2023: Web HauntMart
SSRF vulnerability leading to admin account creation
HTB: manager Writeup
manager is a Medium-difficulty Windows machine from HackTheBox.
HTB: Drive Writeup
Drive is a Hard-difficulty Linux machine from HackTheBox featuring a Django-based file management application with SQLite databases.
HTB: Analytics Writeup
Analytics is an Easy-difficulty Linux machine from HackTheBox featuring Metabase RCE exploitation and overlayFS privilege escalation.
HTB: visual Writeup
visual is a Medium-difficulty Windows machine from HackTheBox.
HTB: cozyhosting Writeup
cozyhosting is an Easy-difficulty Linux machine from HackTheBox featuring Spring Boot Actuator exposure, session hijacking, command injection, and SSH privilege escalation.
HTB: zipping Writeup
zipping is a Medium-difficulty Linux machine from HackTheBox featuring file upload bypass via null byte injection and privilege escalation through shared object hijacking.
HTB: cybermonday Writeup
cybermonday is a Hard-difficulty Linux machine from HackTheBox.
HTB: keeper Writeup
keeper is an Easy-difficulty Linux machine from HackTheBox featuring Request Tracker enumeration, default credential exploitation, and KeePass memory dump vulnerability exploitation.
HTB: download Writeup
download is a Hard-difficulty Linux machine from HackTheBox. Partial writeup with reconnaissance findings documented.
HTB: gofer Writeup
gofer is a Hard-difficulty Linux machine from HackTheBox.
HTB: registrytwo Writeup
registrytwo is a Hard-difficulty Linux machine from HackTheBox.
2023 Business CTF: 2244 Elections
Exploit a backdoored e-voting smart contract to manipulate election results
2023 Business CTF: Confidentiality
Forge NFT signatures to gain access to confidential Board of Arodor documents
2023 Business CTF: Contempt - Revenge
Full system compromise requiring exploitation chain through multiple vulnerabilities
2023 Business CTF: Funds Secured
Exploit a multi-signature wallet to steal crowdfunding campaign funds
2023 Business CTF: Initialization
Break AES-CTR encryption with nonce reuse vulnerability
2023 Business CTF: Unveiled
Enumerate and exploit misconfigured AWS S3 buckets to access confidential information
2023 Business CTF: Interception
Exploit weak PRNG in RSA system to decrypt enemy communications
2023 Business CTF: Vitrium Stash
Forge DSA signatures to access vitalium resource coordinates
2023 Business CTF: Paid Contr-actor
Sign a contract with a simple condition to complete military enrollment paperwork
2023 Business CTF: I'm gRoot
Forge Merkle tree signatures to detect a blockchain backdoor
2023 Business CTF: Lagmon
Exploit WordPress plugin vulnerabilities and LLM prompt injection for RCE
2023 Business CTF: Vanguard
Full exploitation of a web application with file upload vulnerability, command injection, and privilege escalation.
2023 Business CTF: Device Control
Exploit a device control server to manipulate devices or gain system access.
2023 Business CTF: PAC Breaker
Exploit a surveillance system tracking application by bypassing file restrictions and causing heap corruption.
2023 Business CTF: Hackback
Exploit a Command and Control (C2) service by exploiting vulnerabilities in its bot management system.
2023 Business CTF: Snow Scan
Bypass a bitmap scanning application by crafting a malicious BMP file to trigger code execution.
2023 Business CTF: Cobalt COBOL
Reverse engineer an ancient COBOL punch card program representing a facility update.
2023 Business CTF: Breach
Exploit a Modbus-based SCADA door control system by manipulating sensors and coils.
2023 Business CTF: ICS Intrusion
Analyze captured Modbus network traffic to extract sensitive data from industrial control registers.
2023 Business CTF: ICS Watch Tower
Analyze network captures to identify intruder reconnaissance and data tampering on industrial systems.
2023 Business CTF: Web Watersnake
Exploit a Java deserialization vulnerability in a water level monitoring application.
HTB: authority Writeup
authority is a Medium-difficulty Windows machine from HackTheBox.
HTB: sau Writeup
sau is an Easy-difficulty Linux machine from HackTheBox involving SSRF, command injection, and privilege escalation.
HTB: Pilgrimage Writeup
Pilgrimage is an Easy-difficulty Linux machine featuring an image shrinking service with exposed git repository, ImageMagick LFI, and Binwalk RCE vulnerabilities.
HTB: twomillion Writeup (Incomplete)
twomillion is an Easy-difficulty Linux machine from HackTheBox. This writeup is a skeleton with limited documentation.
HTB: pc Writeup
pc is a Easy-difficulty Linux machine from HackTheBox.
HTB: busquedas Writeup
busquedas is a Easy-difficulty Linux machine from HackTheBox.
2023 Cyber Apocalypse: Small sTeps
Exploit RSA with small public exponent e=3 using Coppersmith's attack
2023 Cyber Apocalypse: Multipage Recyclings
Exploit custom AES ECB implementation with block recycling vulnerability
2023 Cyber Apocalypse: Extraterrestrial Persistence
Analyze and decode malicious script with systemd persistence mechanism
2023 Cyber Apocalypse: Perfect Synchronization
Exploit AES ECB mode encryption with known plaintext and partial key recovery
2023 Cyber Apocalypse: Ancient Encodings
Reverse engineer a multi-layer encoding scheme involving hex conversion and base64
2023 Cyber Apocalypse: HW Debug
Hardware debugging and analysis of timing/electrical signals
2023 Cyber Apocalypse: Hijack
Exploit Python deserialization vulnerabilities in YAML and Pickle
2023 Cyber Apocalypse: Janken
Win 100 rounds of Janken by exploiting logic in string matching
2023 Cyber Apocalypse: Persistence
Automate repeated HTTP requests to extract flag from endpoint
2023 Cyber Apocalypse: Nehebkaus Trap
Exploit Python exec() filter bypass using character encoding
2023 Cyber Apocalypse: Remote Computation
Automate mathematical expression evaluation over TCP socket
2023 Cyber Apocalypse: Restricted
Escape restricted SSH environment using bash profile bypass
2023 Cyber Apocalypse: The Chasm Crossing Conundrum
Solve bridge crossing puzzle using optimal algorithm
2023 Cyber Apocalypse: Questionnaire
Buffer overflow via fgets() vulnerability in vulnerable C binary
2023 Cyber Apocalypse: Getting Started
Buffer overflow exploitation using controlled payload delivery
2023 Cyber Apocalypse: CSHells
Reverse engineer custom shell binary and crack XOR-encrypted password
2023 Cyber Apocalypse: Cave System
Solve complex multi-condition logic puzzle in binary
2023 Cyber Apocalypse: Shattered Tablet
Reconstruct input string by analyzing multi-byte field access patterns
2023 Cyber Apocalypse: Orbital
Exploit SQL injection vulnerability and use path traversal to extract flag
2023 Cyber Apocalypse: Didactic Octo Paddle
Exploit IDOR and JWT vulnerabilities in shopping application
2023 Cyber Apocalypse: Hunting License
Crack three-stage password validation in binary using string reversal and XOR
2023 Cyber Apocalypse: Passman
Exploit IDOR vulnerability in GraphQL API to access admin data
HTB: inject Writeup
inject is a Easy-difficulty Linux machine from HackTheBox.
HTB: interface Writeup
interface is a Medium-difficulty Linux machine from HackTheBox.
HTB: stocker Writeup
stocker is an Easy-difficulty Linux machine from HackTheBox.
HTB: soccer Writeup
soccer is an Easy-difficulty Linux machine from HackTheBox featuring web file manager exploitation, SQL injection via WebSocket, and privilege escalation through doas.
2022 Hack The Boo: Gonna Lift Em All
Discrete log problem with extremely small prime - trivial brute force attack
2022 Hack The Boo: Whole Lotta Candy
AES encryption challenge with multiple block cipher modes - exploit ECB mode weakness
2022 Hack The Boo: Cursed Party
JWT authentication bypass through XSS to steal admin session and access flag
2022 Hack The Boo: Evaluation Deck
Code injection via unsafe use of Python compile() and exec() in arithmetic evaluation
2022 Hack The Boo: Horror Feeds
SQL injection in user registration leading to authentication bypass and flag theft
2022 Hack The Boo: Juggling Facts
IP spoofing via X-Forwarded-For header to bypass localhost-only admin access
2022 Hack The Boo: Spookifier
Server-Side Template Injection (SSTI) in Mako template engine leading to RCE
HTB: Photoshop Writeup
Photoshop is a Medium-difficulty Windows machine from HackTheBox.
HTB: ambassador Writeup
ambassador is a Medium-difficulty Linux machine from HackTheBox.