A new box concept to take htb difficulty to the next level

edited May 2019 in Machines

Hello, i have a new idea for a cool box, but sadly i cant submit it through the website, because of the reasons you will see.

This new box will consist of very strict firewall rules, and it will be very challenging even to get any kind of connection to the box.

Machine is basically an ethernet cable plugged in to a potato. I really think it can take the state of difficulty in htb to the next level, and reward those really persistent enough to hack it.

I thought about mailing the box, but im worried potato might go bad in the shipping process.

Also i think rooting it wil be pretty straight forward, but im not sure about how to get a user yet.

I even made a concept art for the box!
Concept art


  • For fuck sake ignis I knew I could count on you for something this brilliant. Truly an amazing learning experience.


  • edited May 2019

    By the way, how long would it take to root?


  • Depends on the humidity, really

    3 to 4 weeks

  • edited May 2019

    I think this would genuinely be more of a learning experience than some of the boxes that have been released.... just in the wrong field.

    P.S. I found a writeup online, you may want to get it removed before people save it.... https://homeguides.sfgate.com/make-potato-plant-water-cup-61262.html


  • Holy crap this even feels like an exploit-db page.

    Insert four toothpicks into the potato, spacing them around the middle of the potato about two-thirds up from the end with the densest sprouts

    Im thinking about 30 points for this box, seems only fair since there isn't enough ennumeration.

    Also those potato growers are going to have a moment of panic when they see a cyber-security website on their referral analytics.

  • LOL. This is seriously funny.

    Write-ups | Discord - limbernie#0386

  • ahahaha i love that, you should add that on your github


  • Well, we will need to google if the potato can be used as a substrate for P-N and N-P junctions. If so, maybe we can use a very thin syringe of iodine solution to etch an USB/Ethernet convertor IP in the cut of potato.
    Verilog/VHDL/Leonardo Spectrum comes to mind for various design and also https://opencores.org/. :)

    Summa scientia, nihil scire.

  • After all, the basics of potato electronics was already invented (in 18.. something) and if we can have potato radio, we can have potato computer and subsequently the HTB session on a potato computer. It is just a question of miniaturisation (someone call Japan) :)

    Summa scientia, nihil scire.

  • "I know that that's the antenna, and that's that... thingy... and that's all the other stuff."

    Future NASA Administrator.


  • According to this article: https://makezine.com/2006/04/17/500-lb-potato-battery/
    and assuming a pi zero requires 5 v and 200 mA we need around 1000 sets of 10 potatoes in parallel to drive it (so 10.000 potatoes) , but its nothing compared to my design given on the concept art which requires absolutely no potatoes to power the circuit.

  • edited May 2019

    FreePotato #FreeAssange (sorry for the spoil / spam @Arrexel)


  • I'm at work, giggling, trying to contain it...

    People are looking at me... hahahahahahahahahahah

    In tears now!!!

  • best thread on htb forums


  • Lol. After all the time roaming in HTB, I feel dump on missing this thread.

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • That one indeed looks very difficult. However, when you give me physical access, I promise I hack that box.

  • Interesting :)
    For sure user part would be hard, root will come with patience and good enumeration.

    Guy from Serbia made a game that could be played with potato.
    Unfortunately this youtube video is not on English, but you will get the point.

  • I need a hint on how to sprout a reverse cell.

  • Type your comment> @mimo said:

    I need a hint on how to sprout a reverse cell.

    I laughed way too hard at this... I think I need to get a life

    Always happy to help, DM me if you need anything!
    Link to Profile

  • Theres too much here to pick any one thing.

    This is the best thing on the internet.....

  • This may be a little unconventional, but I believe if you can send a powerful enough DDOS to it, the heat will cause it to create a hash that you can use....

  • If done for too long tho it might overheat... I wonder if that would be considered a spoiler.

  • Hello fellow APT solvers who are reading this

Sign In to comment.