This is a writeup about a retired HacktheBox machine: Obscurity This box is classified as a medium machine. It was release on December the first 2019 by clubby789. It implies some enumeration and a lot of python.

This is a writeup about a retired HacktheBox machine: Mango publish by MrR3boot on October 26 2019. This box is classified as a medium machine. It involves a interesting NoSQL injection and a SUID binary.

This box is a writeup about a retired HacktheBox machine: Traverxec. This box is rated as an easy box. It implies the exploitation of a CVE on notsromo, the use of some nostromo misconfiguration and a little trick to trigger a page with a sudo command.

This box is a writeup about a retired HacktheBox machine: Registry. This box is rated as a hard box. It was release on October 19 by thek. It implies a few rabbit holes, the Docker registry API, the Bolt CMS, and the SUID binary restic.

This box is a writeup about a retired HacktheBox machine: Postman publish on Novemer the second 2019 by TheCyberGeek. This box is rated as easy box. It implies a redis server, a id_rsa.bak, john the ripper and webmin 1.910.

This box is a writeup about a retired HacktheBox machine: Bitlab. This box is rated as a medium box. It implies a gitlab, a user, some enumeration, a PostgreSQL database, some pain with a b64 password and some basic reverse engineering on a Windows binary.

If you just want to play with the binary: it is available in the "RemoteConnection.exe" part.

This is a writeup about a retired HacktheBox machine: Craft This box is classified as a medium machine. The user part is quit long and involve to find "secrets" in a git repository, access an API to get a reverse shell and manipulate a MySQL database in a jailed environment. The root part is quit easier and involve to interact with a vault instance.

This box is a writeup about a retired HacktheBox machine: Wall. This box is rated as a medium box. It implies a lot of frustration, some bruteforce, an centreon exploit with a WAF bypass and the exploitation of a SUID screen.

This box is a writeup about a retired HacktheBox machine: Jarvis. This box is rated as a medium box. It implies a dead end, some SQL injection, a homemade script and a SUID binary.

This is a writeup about a retired HacktheBox machine: Ellingson This box is classified as a hard machine. The user is not too hard to get as it require to know python and password's cracking. The root part is really hard as this require the exploitation of a ROP buffer overflow.

Note: if you just want to play with the buffer overflow, the binary is available on this site, just go to the "Analysing the Buffer Overflow" section.