Well, Kryptos finally retired; it was an amazing but very difficult box. Here is my writeup of it.
Bastion is an easy box that we start by getting a Windows backup from an open SMB share. We crack the SAM file and get a password. From there we ssh in the machine and find an mRemoteNG configuration file that we use to get the Adminisrator password and finish the box.
OneTwoSeven is a hard box that starts by logging into sftp and creating multiple symlinks to enumerate files. From one of these files we get credentials and move on to port-forward to get access to a plugin upload website from which we can get RCE. For privesc we MITM attack an apt-get update that we have sudo rights with, create a malicious package and gain root access.
LaCasaDePapel is an easy box in which we get our foothold by entering a php-debugging console that runs on the ftp port to get an SSH key. For privesc we abuse a cronjob to gain root and finish the box.
Luke was a great box for those looking to up the difficulty a bit when coming from easy boxes. Once again enumeration is key, and the box involved a lot of the basics while looking a bit more in depth at web exploitation and an API, finally we abused the Ajenti web panel to access files and optionally for file upload.
Querier was a really fun Windows box that involved some skills around MSSQL, Responder, and some classic Windows priv esc techniques.
Fortune was a tough puppy to crack, it requires good enumeration skills and web exploitation to abuse weak input validation. Knowing how SSL and certificates work made it much more achievable.