This is a writeup about a retired HacktheBox machine: Obscurity This box is classified as a medium machine. It was release on December the first 2019 by clubby789. It implies some enumeration and a lot of python.

This is a writeup about a retired HacktheBox machine: OpenAdmin created by dmw0ng and publish on January 4, 2020. This box is classified as an easy machine. The user part is longer than the root part and involve to find a vulnerable component, exploit it to get a shell, found the creds of an user able to connect using SSH then found another webservice to get the private SSH key of a second user. The root part is simply exploiting a sudo permission on nano to execute command.

This weekend I participate to the Hackpack CTF with the team hackers for the jilted generation (mostly me this time). We finished 126th with 811 points. Here are some writeup about the challenges.

This is a writeup about a retired HacktheBox machine: Mango publish by MrR3boot on October 26 2019. This box is classified as a medium machine. It involves a interesting NoSQL injection and a SUID binary.

This weekend I participate to the DawgCTF with the team hackers for the jilted generation. We finished 46th with 4530 points. Here are some writeup about the cryptography challenges.

This box is a writeup about a retired HacktheBox machine: Traverxec. This box is rated as an easy box. It implies the exploitation of a CVE on notsromo, the use of some nostromo misconfiguration and a little trick to trigger a page with a sudo command.

This box is a writeup about a retired HacktheBox machine: Registry. This box is rated as a hard box. It was release on October 19 by thek. It implies a few rabbit holes, the Docker registry API, the Bolt CMS, and the SUID binary restic.

This is a writeup about a retired HacktheBox machine: Forest published by egre55 and mrb3n on October the 12th 2019. This box is a Windows machine classified as easy. The server is a Domain Controller with 24 open ports. We will use Winrm, bloodhound and impacket to get both the user flag and the "root" flag.

This box is a writeup about a retired HacktheBox machine: Postman publish on Novemer the second 2019 by TheCyberGeek. This box is rated as easy box. It implies a redis server, a id_rsa.bak, john the ripper and webmin 1.910.

"Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API."