Haystack is a 20 points machine on hackthebox, which in my opinion is not as easy as one might think. It involves some typical ctf steps for user and a nice privilege escalation which requires abusing a LFI in a locally listening kibana instance. The final step is about abusing...
In this post I will walk through the process of creating a simple coverage based fuzzer. The code of this project is on available here. The general idea here is that you download the code and read this post to understand what it does on the more interesting parts so...
Smasher2 is a difficult 50 points machine on hackthebox, involving some guessing to get the user flag (because the author left in an unintended solution), and a custom kernel exploit to get root.
Writeup is a nice, medium difficulty machine on hackthebox, featuring the use of a publicly available sql injection exploit and a rather unique way to get root by using path poisoning.
Luke is a rather short, easy machine on hackthebox, which was nonetheless fun to solve and our team got both first bloods here.
Ellingson is fun and quick 40 points machine on hackthebox, featuring the abuse of the python/flask werkzeug debugger, cracking a password and a custom binary exploit.
SwagShop is a very easy machine on hackthebox, involving a public exploit and sudo abuse.
Ghoul is a nice 40 points machine on hackthebox involving zip traversal, lateral movement, public exploits and some obscure hidden password in a git repository ;)