Recent Posts

Scrambled - Hack The Box

Scrambled is a hard-rated Windows machine from Hack The box, and upon completion I got rank 1 in Sweden! My view on this box is unfairly skewed by the case for rank 1 making this more of a chore then a enjoyable learning experience. Looking back the box is really cool showcasing tickets and their power, something I’m not super comfortable with as I lean more towards Linux rather then Windows. This was a good and educational box going for user, but I feel like the path to root was a bit to simple. I can see how Windows gurus would love this box, so if that’s you go ahead and get started!

Carpediem - Hack The Box

Carpediem is a hard-rated Linux machine from Hack The Box and probably one of the best, if not even the best, box I’ve done. This is a HUGE box with a lot of different containers and feels very real world. We have to pivot left and right, enumerate a lot and probably do 3-4 privilege escalations before we’re finally root. Because of the big scope this box took me a few days to complete and I got stuck on several places along the way. The path to user was very fun and even incorporates VoIP as a vector, path to root introduced me to a new docker escape that was amazing - I can’t wait to try it out in the real world! If you haven’t done this box yet, make sure that you try it out.

Moderators - Hack The Box

Moderators is a hard-rated Linux machine from Hack The Box. Doing this box about a month after release it has a very low rating of only 2.6, and honestly I do agree. Throughout this box you’ll enumerate, enumerate and then enumerate some more. The few vulnerabilities presented have low quality in terms that you will learn little to nothing. That path to root is unique but sadly more annoying then fun/interesting. I see why the box creator went this way, as it show cases something never seen on Hack The Box - but to be honest, this box has nothing to do with hacking. If you need the points, go ahead and do this box, if not I’d advise you to do something else with your time.

Faculty - Hack The Box

Faculty is a medium-rated Linux machine from Hack The Box. This is one of the most fun boxes I’ve done in a while, maybe due to the fact that I never got caught in any rabbit hole. Faculty is straight forward and have quiet simple exploits for both user and root. Even if the path to root was very short, it showcase the importance of Linux capabilities and deepend my knowledge of gdb. It teached me to pay attention and if something looks weird, it probably is weird. I would rate this one the easier side of medium, if not even easy.

Shared - Hack The Box

Shared is a medium-rated Linux machine from Hack The Box. Compared to the last few boxes I’ve done, this was a real smooth ride as we’re basically jumping from exploit to exploit. The path for each step is clear and there are plenty of hints along the way. Looking back the box have sharpened my knowledge in some areas, while also introducing tools I’ve never seen or used before. For me this medium box is on the easier side of medium and didn’t take many hours at all to complete. It was a fun experience and I’d recommend the box to you!

Health - Hack The Box

Health was a easy-rated Linux machine from Hack The Box, that later got bumped to medium. The initial foothold shows you a new unique way of attacking unreachable services that I really appreciate. Im not sure if this approach could be streamlined, but I did it manually which was very time consuming and unintuitive. Looking back I do agree that this should be a medium box rather then easy, but I can see why they set easy rating to start with as there are very few steps if you know what you’re doing. Conclusion, I need to deepen my MySQL skills.

Outdated - Hack The Box

Outdated is a medium-rated Windows machine from Hack The Box. With a release containing a massive unintended path (Zerologon), paired with huge stability issues, this box has been one of the least enjoyable in a good while; mainly due to frustration. Each individual step along the way is unique and the concept is cool, but the execution is sadly lacking. Nevertheless I deepened my knowledge of Windows AD structure and gained a new privesc tool that might come in handy for future tests.

RedPanda - Hack The Box

RedPanda is a very cute easy-rated Linux machine from Hack The Box. I can see why it’s rated as easy, but for someone with limited Java experience I found it a bit rough on the root part. But as long as you take it nice and easy, and really make sure to have all your ducks in a row, you will root it without too much headache. Personally I found this box to be quite fun with the short stories about the different red pandas. The box is short box and straight to the point which I also enjoy. In the end I didn’t learn anything new, but I definitely refined my code review skills in Java.

StreamIO - Hack The Box

StreamIO is an medium-rated Windows machine from HackTheBox. For me this box was quite slow to start where I had to put a lot of time and energy into fuzzing and manually exploiting SQLi, but once I gained a foothold it was really fun and straight forward. In the end I’ve gained a deeper understanding of Active Directory and it’s ACLs, as well as never to trust sqlmap doing even the easiest of tasks. Yet again BloodyAD proves it’s worth as an amazing Active Directory Privilege Escalation tool.

Support - Hack The Box

Support is an easy-rated Windows machine from HackTheBox. Although it’s easy rating we’ll touch on two major areas - Active Directory and Binary Exploitation/Analysis, making it an very fun and interesing box. Personally I think the box is more towards medium rating rather than easy, but this probably rooted in my incompetence of Windows Active Directory. Throughout the box we’ll see tools such as dnSpy, BloodHound, bloodyAD, impacket and more.