This box is a writeup about a retired HacktheBox machine: Jarvis. This box is rated as a medium box. It implies a dead end, some SQL injection, a homemade script and a SUID binary.

This is a writeup about a retired HacktheBox machine: Ellingson This box is classified as a hard machine. The user is not too hard to get as it require to know python and password's cracking. The root part is really hard as this require the exploitation of a ROP buffer overflow.

Note: if you just want to play with the buffer overflow, the binary is avlaible on this site, just go to the "Analysing the Buffer Overflow" section

This article is a writeup about a retired HacktheBox machine: Writeup. (Yes the machine name is writeup, searching a writeup for writeup will be a funny thing.). The machine is classed as an easy one. It involves vulnerability in a known CMS as well as "PATH vulnerability" for the privilege escalation.

This article is a writeup about a retired HacktheBox machine: Swagshop This box was suppose to be an easy one. Turns out it wasn't. I struggle a lot in wrong direction and finally found a path to root this magento box.

This article presents the different methods which failed on the box as well as the solution to root it.

I started to work on Hack The Box machine in 2018. This is a writeup for the retired Jerry machine.

After the bulldog machine I worked on the born2root one. A simple boot2root machine by Hadi Mene.

At the moment I have some times to work again on vulhub virtual machine. So here I picked the first one at the moment: Bulldog: 1 A simple boot2root machine by Nick Frichette.

As droopy was not really hard and doesn't contain as much web vulnerability as I would hope for, I tried an other VM SecTalks: BNE0x03 - Simple There were also hints on the description of the machine but with my resolution they do not appear when just browsing the main page of vulnhub so I have not spoiled myself with the hints this time.

A few days ago, I installed a new pentesting box based on Arch Linux with Kali

in a virtual machine. In order to test it I select a light vulnbox on vulnhub : Droopy. There were two hints on the description of the machine on the vulnhub download page:

1. Grab a copy of the rockyou wordlist.
2. It's fun to read other people's email.

We will see how to use them in a moment :)

Still playing with the vulnhub machines this time it is the turn of FlickII. This one is different from the others as it has an android application associated. It would be a great exercice to play with mobile application, decompile it and see what is in the inside.