Add GitHub links to all tool tables + Sink writeup

- Add clickable GitHub/website links to tool names across all 8 challenge categories
- Categories updated: Pwn, Reversing, Forensics, Blockchain, AI/ML, OSINT, Hardware, Stego, Mobile
- Add Sink (Insane) machine writeup as example submission
- Links to external writeup: https://0xmmn.blogspot.com/2023/09/hackthebox-sink-machine-insane.html

Author: momenbasel

challenges/ai-ml/index.md

@@ -72,9 +72,9 @@ def fgsm_attack(image, epsilon, gradient):
 
 | Tool | Purpose |
 |------|---------|
-| Garak | LLM vulnerability scanner |
-| ART (Adversarial Robustness Toolbox) | Adversarial ML attacks/defenses |
-| TextAttack | NLP adversarial attack framework |
-| Rebuff | Prompt injection detection |
-| LangChain | LLM application framework |
-| Ollama | Local LLM deployment |
+| [Garak](https://github.com/NVIDIA/garak) | LLM vulnerability scanner |
+| [ART](https://github.com/Trusted-AI/adversarial-robustness-toolbox) | Adversarial ML attacks/defenses |
+| [TextAttack](https://github.com/QData/TextAttack) | NLP adversarial attack framework |
+| [Rebuff](https://github.com/protectai/rebuff) | Prompt injection detection |
+| [LangChain](https://github.com/langchain-ai/langchain) | LLM application framework |
+| [Ollama](https://github.com/ollama/ollama) | Local LLM deployment |

challenges/blockchain/index.md

@@ -54,10 +54,10 @@ forge create src/Exploit.sol:Exploit --rpc-url http://challenge:8545 --private-k
 
 | Tool | Purpose |
 |------|---------|
-| Foundry (forge/cast) | Solidity development and interaction |
-| Hardhat | JavaScript-based development environment |
-| Remix IDE | Browser-based Solidity IDE |
-| Etherscan | Block explorer |
-| Slither | Static analysis for Solidity |
-| Mythril | Symbolic execution for smart contracts |
-| Echidna | Fuzzing for smart contracts |
+| [Foundry](https://github.com/foundry-rs/foundry) (forge/cast) | Solidity development and interaction |
+| [Hardhat](https://github.com/NomicFoundation/hardhat) | JavaScript-based development environment |
+| [Remix IDE](https://remix.ethereum.org/) | Browser-based Solidity IDE |
+| [Etherscan](https://etherscan.io/) | Block explorer |
+| [Slither](https://github.com/crytic/slither) | Static analysis for Solidity |
+| [Mythril](https://github.com/Consensys/mythril) | Symbolic execution for smart contracts |
+| [Echidna](https://github.com/crytic/echidna) | Fuzzing for smart contracts |

challenges/forensics/index.md

@@ -42,16 +42,16 @@ Writeups for HTB Digital Forensics challenges.
 
 | Tool | Purpose | Common Usage |
 |------|---------|-------------|
-| Volatility 3 | Memory analysis | `vol -f dump.raw windows.pslist` |
-| Wireshark | PCAP analysis | GUI packet inspection |
-| tshark | CLI PCAP analysis | `tshark -r capture.pcap -Y "http"` |
-| Autopsy | Disk forensics | GUI disk image analysis |
-| binwalk | Firmware/file extraction | `binwalk -e firmware.bin` |
-| foremost | File carving | `foremost -i disk.img` |
+| [Volatility 3](https://github.com/volatilityfoundation/volatility3) | Memory analysis | `vol -f dump.raw windows.pslist` |
+| [Wireshark](https://www.wireshark.org/) | PCAP analysis | GUI packet inspection |
+| [tshark](https://www.wireshark.org/) | CLI PCAP analysis | `tshark -r capture.pcap -Y "http"` |
+| [Autopsy](https://www.autopsy.com/) | Disk forensics | GUI disk image analysis |
+| [binwalk](https://github.com/ReFirmLabs/binwalk) | Firmware/file extraction | `binwalk -e firmware.bin` |
+| [foremost](https://github.com/korczis/foremost) | File carving | `foremost -i disk.img` |
 | strings | String extraction | `strings -n 8 binary` |
-| exiftool | Metadata extraction | `exiftool image.jpg` |
-| CyberChef | Data transformation | Encoding, decoding, crypto |
-| FTK Imager | Disk imaging | Forensic image creation |
+| [exiftool](https://github.com/exiftool/exiftool) | Metadata extraction | `exiftool image.jpg` |
+| [CyberChef](https://github.com/gchq/CyberChef) | Data transformation | Encoding, decoding, crypto |
+| [FTK Imager](https://www.exterro.com/digital-forensics-software/ftk-imager) | Disk imaging | Forensic image creation |
 
 ## Analysis Categories
 

challenges/hardware/index.md

@@ -37,11 +37,11 @@ Writeups for HTB Hardware hacking challenges.
 
 | Tool | Purpose |
 |------|---------|
-| binwalk | Firmware extraction and analysis |
-| firmware-mod-kit | Firmware modification |
-| Saleae Logic | Logic analyzer software |
-| PulseView/sigrok | Open-source signal analysis |
+| [binwalk](https://github.com/ReFirmLabs/binwalk) | Firmware extraction and analysis |
+| [firmware-mod-kit](https://github.com/rampageX/firmware-mod-kit) | Firmware modification |
+| [Saleae Logic](https://www.saleae.com/) | Logic analyzer software |
+| [PulseView/sigrok](https://sigrok.org/wiki/PulseView) | Open-source signal analysis |
 | baudrate.py | UART baud rate detection |
-| flashrom | SPI flash reading/writing |
-| OpenOCD | JTAG/SWD debugging |
-| Audacity | Audio/signal analysis |
+| [flashrom](https://github.com/flashrom/flashrom) | SPI flash reading/writing |
+| [OpenOCD](https://github.com/openocd-org/openocd) | JTAG/SWD debugging |
+| [Audacity](https://www.audacityteam.org/) | Audio/signal analysis |

challenges/mobile/index.md

@@ -63,11 +63,11 @@ objection> android root disable
 
 | Tool | Purpose |
 |------|---------|
-| jadx | APK to Java decompilation |
-| apktool | APK resource decompilation |
-| Frida | Dynamic instrumentation |
-| Objection | Runtime mobile exploration |
-| MobSF | Automated mobile analysis |
-| adb | Android Debug Bridge |
-| Genymotion | Android emulator |
-| Burp Suite | Traffic interception |
+| [jadx](https://github.com/skylot/jadx) | APK to Java decompilation |
+| [apktool](https://github.com/iBotPeaches/Apktool) | APK resource decompilation |
+| [Frida](https://github.com/frida/frida) | Dynamic instrumentation |
+| [Objection](https://github.com/sensepost/objection) | Runtime mobile exploration |
+| [MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) | Automated mobile analysis |
+| [adb](https://developer.android.com/tools/adb) | Android Debug Bridge |
+| [Genymotion](https://www.genymotion.com/) | Android emulator |
+| [Burp Suite](https://portswigger.net/burp) | Traffic interception |

challenges/osint/index.md

@@ -66,11 +66,11 @@ exiftool image.jpg
 
 | Tool | Purpose |
 |------|---------|
-| Maltego | Link analysis and visualization |
-| theHarvester | Email, subdomain, name collection |
-| Sherlock | Username search across platforms |
-| SpiderFoot | Automated OSINT collection |
-| exiftool | Image metadata extraction |
-| Shodan | Internet device search |
-| Censys | Internet-wide scanning data |
-| OSINT Framework | Collection of OSINT tools |
+| [Maltego](https://www.maltego.com/) | Link analysis and visualization |
+| [theHarvester](https://github.com/laramies/theHarvester) | Email, subdomain, name collection |
+| [Sherlock](https://github.com/sherlock-project/sherlock) | Username search across platforms |
+| [SpiderFoot](https://github.com/smicallef/spiderfoot) | Automated OSINT collection |
+| [exiftool](https://github.com/exiftool/exiftool) | Image metadata extraction |
+| [Shodan](https://www.shodan.io/) | Internet device search |
+| [Censys](https://search.censys.io/) | Internet-wide scanning data |
+| [OSINT Framework](https://osintframework.com/) | Collection of OSINT tools |

challenges/pwn/index.md

@@ -71,12 +71,12 @@ checksec --file=binary
 
 | Tool | Purpose |
 |------|---------|
-| pwntools | Python exploit development framework |
-| GDB + GEF/pwndbg | Dynamic debugging |
-| ROPgadget | Find ROP gadgets |
-| one_gadget | Find one-shot RCE gadgets in libc |
-| checksec | Check binary protections |
-| ropper | Alternative ROP gadget finder |
-| patchelf | Patch ELF binary interpreter/rpath |
-| seccomp-tools | Analyze seccomp filters |
-| Ghidra | Static analysis/decompilation |
+| [pwntools](https://github.com/Gallopsled/pwntools) | Python exploit development framework |
+| [GDB](https://www.sourceware.org/gdb/) + [GEF](https://github.com/hugsy/gef)/[pwndbg](https://github.com/pwndbg/pwndbg) | Dynamic debugging |
+| [ROPgadget](https://github.com/JonathanSalwan/ROPgadget) | Find ROP gadgets |
+| [one_gadget](https://github.com/david942j/one_gadget) | Find one-shot RCE gadgets in libc |
+| [checksec](https://github.com/slimm609/checksec.sh) | Check binary protections |
+| [ropper](https://github.com/sashs/Ropper) | Alternative ROP gadget finder |
+| [patchelf](https://github.com/NixOS/patchelf) | Patch ELF binary interpreter/rpath |
+| [seccomp-tools](https://github.com/david942j/seccomp-tools) | Analyze seccomp filters |
+| [Ghidra](https://github.com/NationalSecurityAgency/ghidra) | Static analysis/decompilation |

challenges/reversing/index.md

@@ -54,15 +54,15 @@ Writeups for HTB Reverse Engineering challenges.
 
 | Tool | Purpose |
 |------|---------|
-| Ghidra | Primary decompiler and disassembler (free, NSA) |
-| IDA Free | Industry-standard disassembler |
-| radare2/rizin | CLI reverse engineering framework |
-| GDB + GEF | Dynamic analysis and debugging |
-| Binary Ninja | Modern binary analysis platform |
-| dnSpy | .NET assembly editor and debugger |
-| jadx | Java/Android decompiler |
-| x64dbg | Windows debugger |
-| Cutter | GUI for radare2 |
+| [Ghidra](https://github.com/NationalSecurityAgency/ghidra) | Primary decompiler and disassembler (free, NSA) |
+| [IDA Free](https://hex-rays.com/ida-free) | Industry-standard disassembler |
+| [radare2](https://github.com/radareorg/radare2)/[rizin](https://github.com/rizinorg/rizin) | CLI reverse engineering framework |
+| [GDB](https://www.sourceware.org/gdb/) + [GEF](https://github.com/hugsy/gef) | Dynamic analysis and debugging |
+| [Binary Ninja](https://binary.ninja) | Modern binary analysis platform |
+| [dnSpy](https://github.com/dnSpy/dnSpy) | .NET assembly editor and debugger |
+| [jadx](https://github.com/skylot/jadx) | Java/Android decompiler |
+| [x64dbg](https://github.com/x64dbg/x64dbg) | Windows debugger |
+| [Cutter](https://github.com/rizinorg/cutter) | GUI for radare2 |
 | strace/ltrace | System/library call tracing |
 
 ## Approach

challenges/stego/index.md

@@ -96,13 +96,13 @@ strings output.pdf | grep -i flag
 
 | Tool | Purpose |
 |------|---------|
-| steghide | JPEG steganography |
-| zsteg | PNG/BMP LSB analysis |
-| stegsolve | Visual analysis GUI |
-| Audacity | Audio analysis |
-| Sonic Visualiser | Advanced audio spectrogram |
-| exiftool | Metadata extraction |
-| binwalk | Embedded file extraction |
-| foremost | File carving |
-| stegcracker | Steghide brute-force |
-| openstego | Various stego techniques |
+| [steghide](https://github.com/StefanoDeVuworst/steghide) | JPEG steganography |
+| [zsteg](https://github.com/zed-0xff/zsteg) | PNG/BMP LSB analysis |
+| [stegsolve](https://github.com/Giotino/stegsolve) | Visual analysis GUI |
+| [Audacity](https://www.audacityteam.org/) | Audio analysis |
+| [Sonic Visualiser](https://www.sonicvisualiser.org/) | Advanced audio spectrogram |
+| [exiftool](https://github.com/exiftool/exiftool) | Metadata extraction |
+| [binwalk](https://github.com/ReFirmLabs/binwalk) | Embedded file extraction |
+| [foremost](https://github.com/korczis/foremost) | File carving |
+| [stegcracker](https://github.com/Paradoxis/StegCracker) | Steghide brute-force |
+| [openstego](https://github.com/syvaidya/openstego) | Various stego techniques |

machines/insane/Sink/README.md

@@ -0,0 +1,56 @@
+# Sink
+
+![Machine Badge](https://img.shields.io/badge/Machine-Sink-blue)
+![OS](https://img.shields.io/badge/OS-Linux-orange)
+![Difficulty](https://img.shields.io/badge/Difficulty-Insane-red)
+
+| Property | Value |
+|----------|-------|
+| **OS** | Linux |
+| **Difficulty** | Insane |
+| **Tags** | #web #http-smuggling #aws #cloud #gitea #secrets-management |
+
+---
+
+## Summary
+
+Sink is an Insane Linux machine featuring HTTP request smuggling through a HAProxy/Gunicorn desync to hijack admin sessions, followed by exploitation of a Gitea instance containing AWS secrets. Privilege escalation involves abusing AWS Secrets Manager and KMS to decrypt sensitive credentials.
+
+---
+
+## External Writeup
+
+- [Full Writeup by 0xMMN](https://0xmmn.blogspot.com/2023/09/hackthebox-sink-machine-insane.html)
+
+---
+
+## Key Techniques
+
+- HTTP Request Smuggling (CL.TE desync)
+- HAProxy / Gunicorn misconfiguration
+- Session hijacking via smuggled requests
+- Gitea repository enumeration
+- AWS Secrets Manager enumeration
+- AWS KMS key decryption
+- Cloud credential chaining
+
+---
+
+## Attack Path Overview
+
+1. **Enumeration** - Discover HAProxy fronting a Gunicorn backend with a web application
+2. **HTTP Request Smuggling** - Exploit CL.TE desync between HAProxy and Gunicorn to smuggle requests and steal admin session cookies
+3. **Admin Access** - Use hijacked session to access admin panel, discover Gitea credentials
+4. **Gitea Exploitation** - Enumerate Gitea repositories, find AWS access keys and secrets in commit history
+5. **AWS Secrets Manager** - Use discovered AWS credentials to list and retrieve secrets from AWS Secrets Manager
+6. **AWS KMS** - Decrypt encrypted secrets using AWS Key Management Service
+7. **Root** - Use decrypted credentials for root access
+
+---
+
+## Lessons Learned
+
+- HTTP request smuggling remains a critical vulnerability in proxy/backend architectures
+- Secrets stored in version control (even private repos) can be extracted from git history
+- AWS credential chains across services (IAM -> Secrets Manager -> KMS) can lead to full compromise
+- HAProxy and Gunicorn have known desync issues when Content-Length and Transfer-Encoding headers conflict