
Introduction
Who am I?
Hey there! I'm ruycr4ft, a Spanish teen who dove into the world of cybersecurity at just 13 years old. Since then, I’ve been crafting Hack The Box machines and sharpening my skills with every scenario I build. Over time, I realized that while there’s a lot of technical knowledge out there, new creators often struggle to find simple, structured guidance on how to get started. That’s where this project comes in.
The Machine Creator's Wiki is a community-driven resource made to help aspiring HTB machine creators find their footing. Whether you're configuring your first box or just need a quick refresher on common setups, this wiki is here to make your life easier. It focuses on general and specific configurations, techniques, and best practices that are commonly used in box creation. However, don’t expect to find detailed exploitation chains or very hard techniques here — the goal is to help you build solid foundations, not to spoil the fun.
This project wouldn’t exist without TheCyberGeek, who’s been my mentor and guiding light throughout my entire journey, and kavigihan, the most incredible co-worker I’ve had the pleasure to build with — a true inspiration and an endless source of knowledge.
Welcome aboard!
How do you think as a content creator?
Something I used to struggle with a lot when I started was adding realism to my boxes. So I started asking myself these questions when creating a box:
What would be the use of this service/application in the real world? Applications are not meant to be hacked; they must have some useful functionality.
Why should this user/group have this specific permission/ACL over the target account? For example, user accounts don't usually have SPNs; these are meant for service accounts. That's why I'm a bit pissed when I see a user having WriteSPN over another user account and not a service account, or when there are kerberoastable users.
Make sure every service on the box is there for some reason — don't just throw in a bunch of cool vulnerabilities that don't connect with each other.
Focus on quality over quantity — a lesson I learnt the hard way. I made a lot of boxes that were unstable, or whose cleanups weren't working as expected. Always test for concurrency.
Want to contribute?
This is a really ambitious project for just one person, and I'm 100% sure there are and will be mistakes. Please contact me on Discord or by mail (but I prefer Discord) if you want to correct or add anything to the wiki!