HTB Chainsaw machine walkthrough. Anonymous ftp connections, smart contract abuse, InterPlanetary File System and cracked password protected ssh private keys for user pivot. A loosely defined SUID file and PATH hijacking for root shell then finally leveraging root.txt's slack space to get the final flag.
HTB Networked machine walkthrough. Generally discussed as the easiest of the active boxes at time of retirement there is nothing particularly complex with getting to root.
HTB Jarvis machine walkthrough. Jarvis involved a SQL Injection and a web-shell for initial foothold into sudo and filter bypass to User pivot with a final systemctl abuse to pivot into root.
HTB Haystack machine walkthrough. A particularly well designed ELK (Elasticsearch, Logstash, Kibana) based machine offering a chance to dig into the full logging stack.
HTB Safe machine walkthrough. A contentious box from HTB requiring a custom developed ROP (return-oriented programming) exploit tied into cracking a KeepPass database.
HTB Ellingson machine walkthrough. Web enumeration and python console abuse for initial foothold, finding sensitive backup files and hashcat cracking for User pivot, finally into a ROP based overflow exploit for root priviledge escalation.