Haystack is an easy box that requires exploiting all three services of the ELK Stack.
Ellingson was a fun but easy box from HackTheBox. There was a really trivial python web exploit followed by a classic ret2libc attack.
Writeup is an easy box in which we exploit a vulnerability in CMSMadeSimple to get ssh credentials. After that we privesc abusing a writeable directory in the PATH that leads to execution by a process that spawns when an ssh session is started.
Well, Kryptos finally retired; it was an amazing but very difficult box. Here is my writeup of it.
Bastion is an easy box that we start by getting a Windows backup from an open SMB share. We crack the SAM file and get a password. From there we ssh in the machine and find an mRemoteNG configuration file that we use to get the Adminisrator password and finish the box.
OneTwoSeven is a hard box that starts by logging into sftp and creating multiple symlinks to enumerate files. From one of these files we get credentials and move on to port-forward to get access to a plugin upload website from which we can get RCE. For privesc we MITM attack an apt-get update that we have sudo rights with, create a malicious package and gain root access.
LaCasaDePapel is an easy box in which we get our foothold by entering a php-debugging console that runs on the ftp port to get an SSH key. For privesc we abuse a cronjob to gain root and finish the box.