This is the public side of my Hack The Box notebook. Writeups land here when a box retires or when a challenge is from a public CTF event. Active machines stay private until they retire. The point is not the points. The point is the patterns, which is why this repo has a patterns/ folder that grows faster than the challenges/ one.
I am Zawwar Sami, an independent engineer and researcher based in Canada. I write about engineering and AI at zawwarsami.com. The HTB profile lives at app.hackthebox.com/public/users/2469522.
| Folder | What it contains |
|---|---|
challenges/ |
Writeups for HTB CTF challenges from public events (mostly the 2026 MCP TryOut). One file per challenge, grouped by category. |
machines/ |
Writeups for HTB machines, restricted to retired or Starting Point boxes. Each box has its own folder. |
patterns/ |
Cross-machine lessons. Short notes on a single trick that worked in one place and is going to work in another. |
methodology/ |
My approach per challenge category, in plain prose. What I check first, what I keep in the cheat-sheet, how I avoid burning the 30-minute timer. |
| Challenge | Category | Points | Difficulty |
|---|---|---|---|
| Flag Command | web | 300 | very easy |
| Hidden Path | web | 1000 | very easy |
| Labyrinth Linguist | web | 1000 | very easy |
| OmniWatch | web | 1000 | very easy |
| TimeKORP | web | 1000 | very easy |
| Jailbreak | web | 1000 | very easy |
| Chrono Mind | misc | 1000 | very easy |
| Hidden Path (misc cousin) | misc | 1000 | very easy |
| Prison Pipeline | misc | 1000 | very easy |
| Locked Away | misc | 1000 | very easy |
| Stop Drop and Roll | misc | 825 | very easy |
| Character | misc | 825 | very easy |
| Getting Started | pwn | 300 | very easy |
| Regularity | pwn | 300 | very easy |
| Don't Panic | rev | 875 | very easy |
| LootStash | rev | 300 | very easy |
| Satellite Hijack | rev | 900 | very easy |
| Tunnel Madness | rev | 1000 | very easy |
| FlagCasino | rev | 800 | very easy |
| Dynastic | crypto | 725 | very easy |
| Phreaky | forensics | 900 | very easy |
| Silicon Data Sleuthing | forensics | 1000 | very easy |
| An Unusual Sighting | forensics | 825 | very easy |
| Critical Flight | hardware | 1000 | very easy |
| Shush Protocol | ics | 800 | very easy |
| Machine | Tier | OS | Difficulty |
|---|---|---|---|
| Meow | 0 | Linux | very easy |
| Fawn | 0 | Linux | very easy |
More machine writeups will land here as boxes retire. The active ones stay in my private notes.
Every file uses the same five sections. I started with the standard "recon → foothold → privesc" format and dropped it because nobody learns from someone else's recon. They learn from someone else's mistakes. So the template is:
- TL;DR — one paragraph, what cracked it.
- What I saw first — the entry point, the thing that stood out.
- What I tried that did not work — the dead ends, in order.
- What worked — the exploit, in plain English.
- What this taught me — the pattern, transferable.
The dead-ends section is the one that earns the existence of this repo. The internet has enough writeups that march straight from recon to flag without admitting any of the wrong turns. Those writeups taught me less than my own mistakes did, so I am writing the kind of writeup I wish I had been reading.
HTB has clear rules about what you can publish about active machines. This repo respects them. If a box you want to read about is missing, it is either active, or I have not solved it yet, or both. The first will fix itself when HTB retires the box. The second is on me.
Code snippets in this repo (exploit scripts, helper one-liners) are MIT. Writeups themselves are CC BY 4.0. Use whatever you find, credit where appropriate.
Maintained by Zawwar Sami. Last update: 2026-04. Issues and corrections welcome.