An interesting box sitting on the ELK (ElasticSearch, Logstash & Kibana) stack with a slant for the CTF side, but a very good introduction to those technologies.
Category: HackTheBox
Despite the “Easy” tag, La Casa de Papel was an elaborate box. A vulnerable service leads to an unusual, limited PHP shell which allows us to generate our own signed certificates to access a specific part of the site. From there, a local file inclusion lets us acquire SSH credentials and then escalate to root via a misconfiguration.