Security Blog, Rants, Raves, Write-ups, and Code
hACK tHE bOX - eASY
At this time Active boxes and Challenges will not be available, but most retired boxes and challenges are here.
any writeups posted after march 6, 2021 include a pdf from pentest.ws instead of a ctb Cherry Tree file.
I've seen several people "complaining" that those of us doing these writeups are not explaining "why" something needs to be added to /etc/hosts. Well, here's the why. If a website is expecting the DNS name and blocking IP requests (i.e http://10.10.11.105 NO and http://horizontall.htb YES) then we need to send the request as to the DNS name. Except without the entry into /etc/hosts, our machine has no idea who, what, when, or where http://horizontall.htb is in order to pull up the page. So, to those citing "plagerism" on these writeups for not explaining why and what /etc/hosts exists and does, let me say this "Penetration Testing expects you to understand basic networking, systems administration, DNS, Linux knowledge, and a lot more. If you don't know, LEARN before you start accusing people of something as serious as Plagerism." and yes, you can quote me on that.
UPDATE: jANUARY 29, 2022: All Retired Boxes to date are up and online. I am still working on the hardware, Mobile, pwn, reversing, and web categories of challenges.
UPDATE: Any writeups after April 6, 2023 will have a video walkthrough as well. Items in Green Have video walkthroughs
BOXES
Academy
Access
Active
Admirer
Antique
Arctic
Armageddon
Bank
Bashed
Bastion
Blocky
Blue
Blunder
Bounty
Bounty
Hunter
Buff
Cap
Curling
Delivery
Devel
Doctor
Explore
Forest
Friendzone
Frolic
Grandpa
Granny
Haystack
Heist
Help
Horizontall
Irked
Jerry
Knife
LaCasa
DePapel
Laboratory
Lame
Legacy
Love
Luanne
Mirai
Nest
Netmon
Networked
Nibbles
NodeBlog
Nunchucks
Ommi
Open Admin
Optimum
Postman
Previse
Remote
Return
Safe
Sauna
Script
Kiddie
Sense
ServMon
Shocker
Spectra
Squashed
Sunday
SwagShop
Tabby
Teacher
Toolbox
Traceback
Traverxec
Valentine
Validation
Writeup
More added Weekly
Challenges
The Challenges in RED are ACTIVE Challenges and are not open until their retirement.
The challenged in YEllow are retired challenged, but are still "in-progress", meaning I haven't gotten the writeups done for them yet.
Crypto
August - DELETED FROM HTB | Baby Encryption | Bank Heist - DELETED FROM HTB |
Brainy's Cipher | Classic, Yet Complicated | Deceitful Batman - DELETED FROM HTB |
Decode Me - DELETED FROM HTB | Flipin Bank | Lost modulus |
Luna crypt | mysterybox | Nuclear Safe |
Protein Cookies | quick maffs | Rlotto |
RSAiseasy | sick teacher - DELETED FROM HTB | Space Pirates |
templed - DELETED FROM HTB | Twoforone | weak rsa |
xorxorxor | you can do it - DELETED FROM HTB |
Forensics
chase | emo | event Horizon |
export | illumination | Insider |
logger | lure | no place to hide |
peel back the layers | Persistence | S3cr3t_R3cip3 |
took the bYte | usb ripper |
Hardware
Chop Shop | debugging interface | factory |
Gawk | line | Mini Line |
Mission pinpossible | Out of time | secure digital |
signals | the needle | unique |
wander | walkie hackie |
Misc
0ld is g0ld | art | blackhole |
Canvas | eternal loop | fs0ciety |
inferno | longbottom's locker | Micro Storage |
Misdirection | the secret of a queen |
Mobile
anchored | APKey | apkrypt |
cat | don't overreact | manager |
pinned |
OSINT
easy phish | id exposed | Intel |
money flowz |
PWN
bad grades | bat computer | blacksmith |
format | HTB Console | hunting |
Jeeves challenge | leet test | nightmare |
optimistic | pwnshop | racecar |
reg | restaurant | shooting star |
space | you know 0xdiablos |
Reversing
anti flag | Baby Crypt | Baby RE |
bypass | exatlon | find the easy pass |
HackyBird | hissss | impossible password |
ircware | ransom | rauth |
Sekure Decrypt | snake | Tear or dear |
You Can't c Me |
Stego
Beatles | blacksquare | da vinci |
hackerman | image processing 101 | milkshake |
pusheen loves graphs | unified | widescreen |
Web
abusehumandb | baby CachedView | baby auth |
baby bonechewercon | baby breaking grad | baby interdimensional internet |
baby nginxatus | baby todo or not todo | baby waffiles order |
baby website rick | cartographer - deleted from htb | diogenes' rage |
emdee five for life | ezpz - deleted from htb | full stack conf |
fuzzy - deleted from htb | gunship | HDc - deleted from htb |
Lernaen - deleted from htb | looking glass | lovetok |
petpet rcbee | phonebook | sanitize |
slippy | templated | toxic |
weather app |
©2020 Phoenix Computing Solutions | Powered by Coffee, Sarcasm, and Insanity
Everything included in the site is the intellectual property of Chris Ruggieri (Neocount Phoenix) and Phoenix Computing Solutions.
This information should not be construed as legal advice. The owner can not be held liable for anything another entity does with this information.
This information is solely the opinions and experiences of myself (Chris Ruggieri) and should not be construed as endorsement of any product, service, or of illegal activity
(GET WRITTEN PERMISSION PEOPLE!!)
Any links I provide as a convenience and for informational purposes only; they do not constitute an endorsement or an approval by the owner of this site for any of the products, services or opinions of the corporation or organization or individual.
Contact the external sites for answers to questions regarding its content.
This Includes any links posted by Chris Ruggieri in any other websites, Social Media networks, Online Groups and Online sharing Websites.