Pseudo is the toughest challenge on HTB in my opinion as of 2019 (well, before headachev2 released). Nothing even comes close to this reversing challenge, which centers around an aarch64 and VM crackme. Before I start, I would like to thank davidlightman for working on it with me. He taught me many new reversing tricks and, oftentimes, managed to see things which I missed.
Networked was a fun and easy box, requiring us to dig a little deeper into bypassing file upload limitations to gain initial foothold. Enumeration is key, and being able to comprehend php and bash is advised.
Jarvis is a medium difficulty box in which we are able to inject SQL to get credentials into a phpmyadmin instance. We use a phpmyadmin metasploit exploit to gain a shell on the machine as www-data. www-data has sudo access as pepper user to a python script which we escape into a bash shell and then use to exploit a SUID binary to get root.
Haystack is an easy box that requires exploiting all three services of the ELK Stack.
Ellingson was a fun but easy box from HackTheBox. There was a really trivial python web exploit followed by a classic ret2libc attack.
Writeup is an easy box in which we exploit a vulnerability in CMSMadeSimple to get ssh credentials. After that we privesc abusing a writeable directory in the PATH that leads to execution by a process that spawns when an ssh session is started.
Well, Kryptos finally retired; it was an amazing but very difficult box. Here is my writeup of it.
Bastion is an easy box that we start by getting a Windows backup from an open SMB share. We crack the SAM file and get a password. From there we ssh in the machine and find an mRemoteNG configuration file that we use to get the Adminisrator password and finish the box.