# Introduction ## Who am I? Hey there! I'm **ruycr4ft**, a Spanish teen who dove into the world of cybersecurity at just 13 years old. Since then, I’ve been crafting Hack The Box machines and sharpening my skills with every scenario I build. Over time, I realized that while there’s a lot of technical knowledge out there, new creators often struggle to find simple, structured guidance on how to get started. That’s where this project comes in. **The Machine Creator's Wiki** is a community-driven resource made to help aspiring HTB machine creators find their footing. Whether you're configuring your first box or just need a quick refresher on common setups, this wiki is here to make your life easier. It focuses on *general and specific configurations*, techniques, and best practices that are commonly used in box creation. However, don’t expect to find detailed exploitation chains or very hard techniques here — the goal is to help you build solid foundations, not to spoil the fun. This project wouldn’t exist without **TheCyberGeek**, who’s been my mentor and guiding light throughout my entire journey, and **kavigihan**, the most incredible co-worker I’ve had the pleasure to build with — a true inspiration and an endless source of knowledge. Welcome aboard! ## How do you think as a content creator? Something I used to struggle a lot when I started was on adding realism to my boxes. So, I started to ask myself these questions when creating a box: * What would be the use of this service/application in the real world? Applications are not meant to be hacked, they must have some useful functionallity. * Why should this user/group have this specific permission/ACL over the target account? For example, user accounts don't usually have SPNs, these are meant for service accounts. That's why I'm a bit pissed when I see a user having `WriteSPN` over another **user** account and not a **service** account, or there are kerberoastable users. * Make sure every service on the box is there for some reason — don't just throw a bunch of cool vulnerabilities that doesn't connect in between. * Focus on the quality over the quantity — a mistake I learnt in the bad ways. I made a lot of box that were unstable, or the cleanups weren't working as expected. Always test for concurrency. ## Want to contribute? This is a really ambicious project for just one person, and I'm 100% sure there are and will be mistakes. Please contact me on Discord or mail (but I rather Discord) if you want to correct/add anything to the wiki!