Multiple platforms, HackTheBox, TryHackMe, BlueTeamLabsOnline, express they do not want the answers/flags posted until the challenge is retired. Thus, for any active challenge on these platforms, the bulk of the content is password protected.
For password-protected challenge write-ups: use the challenge flag as the password to the blog post
For password-protected machine write-ups:
- HackTheBox uses the root password hash or Admin password hash (early writeups may have used the system flag, however the platform implemented flag rotation and this does not work. It looks like as of 2024, challenges also have flag rotation so it will be tricky to properly password protect these with nothing to vet and unlock for users who have completed the task. You can still reach out to me for assistance on some of my writeups.
- BlueTeamLabs I have custom created passwords for them until they are retired so you would need to reach out for these to be unlocked.
# linux example of password hash for HackTheBox
root:$6$vSJ....krWP0:18577:0:99999:7:::
# windows example of password hash for HackTheBox
Administrator:500:aad3b435...3b435b51404ee:d1256c...5017:::
You can find unlocked walkthroughs for retired challenges on any platform using the #unlocked-walkthrough tag.
