Security Blog, Rants, Raves, Write-ups, and Code
hACK tHE bOX - Medium
In preparation for HTB instituting a Flag Rotation Policy (which makes protecting writeups with the challenge/root flag impossible), Hack the Box is instituting new rules for writeups.
Active boxes are now protected using the root (*nix)/Administrator (Windows) password hashes. At this time Active Challenges will not be available, but most retired challenges are here. The username for all HTB Writeups is hackthebox.
any writeups posted after march 6, 2021 include a pdf from pentest.ws instead of a ctb Cherry Tree file.
I've seen several people "complaining" that those of us doing these writeups are not explaining "why" something needs to be added to /etc/hosts. Well, here's the why. If a website is expecting the DNS name and blocking IP requests (i.e http://10.10.11.105 NO and http://horizontall.htb YES) then we need to send the request as to the DNS name. Except without the entry into /etc/hosts, our machine has no idea who, what, when, or where http://horizontall.htb is in order to pull up the page. So, to those citing "plagerism" on these writeups for not explaining why and what /etc/hosts exists and does, let me say this "Penetration Testing expects you to understand basic networking, systems administration, DNS, Linux knowledge, and a lot more. If you don't know, LEARN before you start accusing people of something as serious as Plagerism." and yes, you can quote me on that.
UPDATE: Any writeups after April 6, 2023 will have a video walkthrough as well.
BOXES
Active
AI
Apocalyst
Aragog
Arkham
Bart
Bastard
Bitlab
Book
Cache
-
ACTIVE
Canape
Carrier
Cascade
Celestial
Chaos
Chatterbox
Craft
Cronos
DevOops
Enterprise
Europa
Flux Capacitor
Fuse
-
ACTIVE
Giddy
Haircut
Hawk
Inception
Jarvis
Jeeves
JSON
Lazy
Lightweight
Luke
Magic
Mango
Monteverde
Nineveh
Node
Obscurity
October
Olympus
OpenKeyS
-
ACTIVE
Passage
-
ACTIVE
Poison
Popcorn
Querier
Red Cross
Resolute
SecNotes
Silo
Sneaky
Sneaky Mailer
- ACTIVE
Sniper
Solid
State
Stratosphere
TarTar
Sauce
Teacher
Tenten
Unattended
Vault
Waldo
Wall
Worker
Ypuffy
More added Weekly
Challenges
The Challenges in RED are ACTIVE Challenges and are not open until their retirement.
Crypto
Teacher
Call | Keys |
|
Teacher
Forensics
Blue Shadow | Deadly Arthropod | Forget me not |
keep tryin' | Market Dump | Marshal in the Middle |
Reminiscent |
|
|
Hardware
bounty head | Outrun |
Misc
crime | crooked crockford | deterministic |
exploited stream | m0rsearchive | quickr |
Mobile
cryptohorrific |
OSINT
block hunt3r | breach | infiltration |
kryptic ransomware | missing in action | we have a leak |
PWN
little tommy | sick rop | What does the f say ? |
Reversing
debug me | dysm | eat the cake |
find the secret flag | the Art of reversing |
|
Stego
digital cube | Forest | raining blood |
retro | senseless behaviour |
|
Web
baby ninja jinja | breaking grad | console |
freelancer | i know mag1k | interdimensional internet |
mr. burns | under construction | wafwaf |
©2020 Phoenix Computing Solutions | Powered by Coffee, Sarcasm, and Insanity
Everything included in the site is the intellectual property of Chris Ruggieri (Neocount Phoenix) and Phoenix Computing Solutions.
This information should not be construed as legal advice. The owner can not be held liable for anything another entity does with this information.
This information is solely the opinions and experiences of myself (Chris Ruggieri) and should not be construed as endorsement of any product, service, or of illegal activity
(GET WRITTEN PERMISSION PEOPLE!!)
Any links I provide as a convenience and for informational purposes only; they do not constitute an endorsement or an approval by the owner of this site for any of the products, services or opinions of the corporation or organization or individual.
Contact the external sites for answers to questions regarding its content.
This Includes any links posted by Chris Ruggieri in any other websites, Social Media networks, Online Groups and Online sharing Websites.