This is a writeup about a retired HacktheBox machine: Love published on May 1 2021 by pwnmeow This box is classified as an easy machine. This box implies a SSRF, some php file and an AlwaysInstallElevated privilege on a Windows box.

This is a writeup about a retired HacktheBox machine: Omni publish on August 22, 2020 by egre55. This box is rated as easy box. I was mostly intrigue by the "Other" operating system. It implies some Google search, a RAT and SecureStrings.

This is a writeup about a retired HacktheBox machine: Buff published on July 18 2020 egotisticalSW This box is classified as an easy machine. The user part just require to exploit a CVE. The root part require first to pivot to access the box's internal services then exploit another CVE.

This is a writeup about a retired HacktheBox machine: Remote published by mrb3n on Mars the 21th 2020. This box is a Windows machine classified as easy. It implies a NFS share, a vulnerable CMS, TeamViewer and a second unintended way towards root.

This is a writeup about a retired HacktheBox machine: Cascade publish on Mars 28 2020 by VbScrub. This box is rated as medium box. It implies some LDAP search, some SMB shares, a VNC registry, some reverse engineering and the AD Recycle Bin.

This is a writeup about a retired HacktheBox machine: Sauna published on February the 15th 2020 by egotisticalSW This box is classified as an easy machine. This box has a lot of similarities with forest: The user part require some smart enumeration. The second user also require to enumerate the box and the root part is a "simple" exploitation of the second user's privileges.

This article is a writeup about a retired HacktheBox machine: ServMon publish on April 11 2020 by dmw0ng. This box is rated as an easy box. This box is really unstable and can be a pain as there is a lot of reset on public server. It implies an anonymous FTP, a Passwords.txt file and two exploits.

This is a writeup about a retired HacktheBox machine: Monteverde published on January the 11th 2020 by egre55. This box is classified as a medium machine. The user part is quit direct and easy and involve to enumerate a few basic services. The root part was harder for me as it is based on a specific issue with Azure AD and Password Hash Synchronisation.

This is a writeup about a retired HacktheBox machine: Nest This box is classified as an easy machine. It was publish on January the 25th by VbScrub. This box is a bit different that the other ones on HTB. Until the last step you never have a shell on the box (and none is needed to root it). All commands and enumeration are done on the SMB service. There is also a personnalized service HQK.

Getting user involve understanding a bit of cryptography (homemade combination of base64 and AES) but nothing too complexe.

Getting root required to decompile some .NET executable to get some parameter for the homemade encryption.

This is a writeup about a retired HacktheBox machine: Forest published by egre55 and mrb3n on October the 12th 2019. This box is a Windows machine classified as easy. The server is a Domain Controller with 24 open ports. We will use Winrm, bloodhound and impacket to get both the user flag and the "root" flag.