Recent Posts

Scrambled - Hack The Box

Scrambled is a hard-rated Windows machine from Hack The Box, and upon completion I got rank 1 in Sweden! My view on this box is unfairly skewed by the chase for rank 1, making this more of a chore than an enjoyable learning experience. Looking back, the box is really cool, showcasing tickets and their power, something I’m not super comfortable with as I lean more towards Linux rather than Windows. This was a good and educational box going for user, but I feel like the path to root was a bit too simple. I can see how Windows gurus would love this box, so if that’s you, go ahead and get started!

Carpediem - Hack The Box

Carpediem is a hard-rated Linux machine from Hack The Box and probably one of the best, if not even the best, boxes I’ve done. This is a HUGE box with a lot of different containers and feels very real world. We have to pivot left and right, enumerate a lot and probably do 3-4 privilege escalations before we’re finally root. Because of the big scope this box took me a few days to complete and I got stuck in several places along the way. The path to user was very fun and even incorporates VoIP as a vector, and the path to root introduced me to a new Docker escape that was amazing - I can’t wait to try it out in the real world! If you haven’t done this box yet, make sure that you try it out.

Extension - Hack The Box

Extension is a hard-rated Linux machine from Hack The Box. This is a very interesting machine that’s beautifully made; the attack surface is slim and there are a lot of rabbit holes to waste time on. Looking back on each vulnerability, they all seem easy, but finding them all took a lot of time and effort - I think I spent around 25 hours in total on this box. Even though it took a lot of time, I really enjoyed it - especially the XSS part as it showcases the real dangers of XSS. I did learn a lot from this machine and I deeply recommend it to anyone!

UpDown - Hack The Box

UpDown is a medium-rated Linux machine from Hack The Box. Just like its name, this box has its ups and downs. The path to foothold was very fun and fairly easily solved using Python; I took my time to write a script to streamline the attack chain. However, once on the box, both privilege escalation vectors, from www-data to user and from user to root, were very underwhelming and solved in under 10 minutes total. For me this was an easy medium box, and I did enjoy most of it. I learned a few new things but mostly deepened my knowledge about PHP.

Moderators - Hack The Box

Moderators is a hard-rated Linux machine from Hack The Box. Doing this box about a month after release, it has a very low rating of only 2.6, and honestly I do agree. Throughout this box you’ll enumerate, enumerate and then enumerate some more. The few vulnerabilities presented are of low quality in the sense that you will learn little to nothing. The path to root is unique but sadly more annoying than fun/interesting. I see why the box creator went this way, as it showcases something never seen on Hack The Box - but to be honest, this box has nothing to do with hacking. If you need the points, go ahead and do this box; if not, I’d advise you to do something else with your time.

Vessel - Hack The Box

Vessel is a hard-rated Linux machine from Hack The Box. I really really liked this box; it was straight to the point and had no real rabbit holes. The path to both user and root was easily identified; however, getting there took a lot of research and some time spent bashing the head on the keyboard. There are scripting parts needed to complete this box, something that I am not very good at, but it was simple enough for even me to enjoy it. I was introduced to a few new tools and techniques, and learned a lot. This is an amazing box, and I would recommend it to anyone that enjoys scripting or would like to learn.

Faculty - Hack The Box

Faculty is a medium-rated Linux machine from Hack The Box. This is one of the most fun boxes I’ve done in a while, maybe due to the fact that I never got caught in any rabbit hole. Faculty is straightforward and has quite simple exploits for both user and root. Even if the path to root was very short, it showcases the importance of Linux capabilities and deepened my knowledge of gdb. It taught me to pay attention, and if something looks weird, it probably is weird. I would rate this on the easier side of medium, if not even easy.

Shared - Hack The Box

Shared is a medium-rated Linux machine from Hack The Box. Compared to the last few boxes I’ve done, this was a real smooth ride as we’re basically jumping from exploit to exploit. The path for each step is clear and there are plenty of hints along the way. Looking back, the box has sharpened my knowledge in some areas, while also introducing tools I’ve never seen or used before. For me this medium box is on the easier side of medium and didn’t take many hours at all to complete. It was a fun experience and I’d recommend the box to you!

Health - Hack The Box

Health was an easy-rated Linux machine from Hack The Box that later got bumped to medium. The initial foothold shows you a new, unique way of attacking unreachable services that I really appreciate. I’m not sure if this approach could be streamlined, but I did it manually, which was very time consuming and unintuitive. Looking back, I do agree that this should be a medium box rather than easy, but I can see why they set an easy rating to start with as there are very few steps if you know what you’re doing. Conclusion: I need to deepen my MySQL skills.

Outdated - Hack The Box

Outdated is a medium-rated Windows machine from Hack The Box. With a release containing a massive unintended path (Zerologon), paired with huge stability issues, this box has been one of the least enjoyable in a good while; mainly due to frustration. Each individual step along the way is unique and the concept is cool, but the execution is sadly lacking. Nevertheless I deepened my knowledge of Windows AD structure and gained a new privesc tool that might come in handy for future tests.