Olympus write-up (HackTheBox): average Linux machine that exploits Xdebug RCE to obtain initial shell, cracks WPA2 handshake for SSH credentials, uses port knocking to access port 2222, and escalates to root by mounting host filesystem from Docker container.
Write-up of Nibbles (HackTheBox): simple Linux machine that exploits Nibbleblog 4.0.3 with leaked credentials and RCE via plugin upload, and escalates to root by abusing sudo in the monitor.sh script.
Poison write-up (HackTheBox): simple FreeBSD machine that exploits LFI in browse.php to poison Apache logs and obtain RCE, extracts credentials from pwdbackup.txt, and escalates to root via VNC with leaked password.
Falafel write-up (HackTheBox): High-level Linux machine that exploits SQL injection + PHP type juggling to bypass login, uploads webshell via wget + path truncation, and escalates to root via debugfs in disk group to read /root.
Chatterbox write-up (HackTheBox): Easy Windows machine that exploits a buffer overflow in AChat (CVE-2015-8295) to gain RCE, then escalates to SYSTEM by abusing the WinLogon registry and psexec.
Crimestoppers write-up (HackTheBox): high-level Linux machine that exploits LFI with PHP wrappers to read source code, uploads webshell via ZIP wrapper, steals Thunderbird credentials, and obtains root access by reversing a rootkit (mod-rootme) or Apache logs.
Valentine write-up (HackTheBox): classic Linux machine that exploits Heartbleed (CVE-2014-0160) to extract Apache's RSA private key, then uses the key to connect via SSH and escalate to root with a vulnerable binary.
Canape write-up (HackTheBox). Intermediate Linux machine that exploits an insecure pickle deserialisation in Flask + CouchDB. Includes RCE via pickle payload, CouchDB enumeration, and escalation to root by abusing sudo pip install.