A few weeks ago the HackTheBox 0x00sec team was created and since then no less than 38 of our fine members have joined. In that time we have rocketed up to 113th place on the team leader-board (from 350th). This is no small accomplishment. I do, however, think we can do even better and get on the Top 100 leaderboard. So from here on out, and if I can remember to, I will be posting a weekly challenge box for us all to root. (With the exception of our 0x00sec CTF weeks).

In addition to this; our very own @pry0cc has managed to partner us up with HackTheBox which should serve as even more incentive.

So without further ado, I present this weeks post:


Thread Rules:

  • No Spoilers
  • If you need to ask a question, please use [spoiler][/spoiler] tags if you think it’ll reveal information
  • Hints are allowed if they are vague, and oddly cryptic. Paint an Escher painting with your words
  • Feel free to post that you pwned a box, but no write-ups. Nada
  • Asking for help without effort on your part will be met with near fatal doses of sarcasm

I will be watching the HTB twitter to know what challenges are being decommissioned so we don’t lose forward progress in our rankings. They release this info on every 6-8 days so this post will always be on a Thursday/Friday. This is no guarantee however as they might decommission the week after. It’s a numbers game so if we keep pwning we keep ranking up.

If you’re interested in joining our HTB Team, please read more here.


All done :wink: :sunglasses:

Dude, this is amazing!!

You’re awesome for organising this, I love this initiative :slight_smile:

I’m going to do Waldo right now!

EDIT: Rooted. Shell was easy, privesc was a bitch.


Rooted it, hit me up on IRC if you need a push in the right direction


Hey guys, I’ve been lurking here for a few months and finally decided to join… and the first Weekly HTB challenge is for the box that I co-wrote!

Initial access is fairly easy, privesc is pretty difficult. I would strongly advise not reading the forums on HTB about Waldo, they are very spoilery last I checked.

If anyone has any questions, I’ll be happy to point you in the right direction, though bear in mind I will be taking @0x6e756c6c’s advice about painting an Escher painting… :wink:

Good luck everyone, hope you learn something! :+1:

Awesome! It’s so cool to see that the co-author is a member here.

I must say, privesc is a bitch, and I have massively mixed emotions at whoever came up with that mechanism :joy:

Let us know when you make another box, and we’ll feature it here assuming it’s not too extreme like fighter, not yet anyway :smirk:


Haha yeah… the first part of privesc was mostly my design, and the last bit was strawman’s. Privesc is …fun, not gonna lie :joy: sorry not sorry

No problem! Not planning any boxes at the moment, but I’ll let you know if I create one!

Can I ask how you got into designing a box for HTB? Are you in the industry? Have you owned a bunch already and wanted a new challenge? I’m really curious!


So, I’m not actually in industry, yet. I’m currently a college student, but I’m hoping to graduate and get a job in industry next May.

I’ve owned a few easier boxes already, but haven’t had time to tackle a lot of the more difficult ones yet. My friend strawman on HTB (the other co-creator) asked me to preview a box he was creating for HTB. At the time, Waldo was very alpha, and a lot easier compared to what it was now. So I offered to help him and we set out testing and tweaking, and adding difficulty to the box. He’s the main creator, he did more of the work and the box was his idea.

I thought it was really interesting, fun, and something that would look really good on my resume. So I helped him over the course of the next few weeks until we submitted it.

Creating a box makes you think about both sides of the coin, both from an attacker and defender view. I would highly recommend creating boxes to anyone that wants to get into the industry or wants to better their craft.

Fantastic response, thank you so much!

Just popped it last night. Getting user was fun. Privesc was definitely something.

Amazing stuff @capnspacehook. I mean I hate you but thanks.

