In this machine, I had to exploit a known vulnerability in exiftool, find a password in some logs, and finally reverse a program to find how to exploit it. Room: Investigation Difficulty: Med...
Hack The Box - Encoding
This was a really fun box. I had to exploit two LFI vulnerabilities and PHP filters to get a foothold. Then exploit git configuration and systemd to escalate my privileges. Room: Encoding Dif...
Hack The Box - BroScience
In this box, I had to exploit an LFI, a vulnerable token generation, and a serialization vulnerability to get to a shell. Then I had to crack a hashed password, and finally, get code execution in a...
Hack The Box - Mentor
This machine took me a long time to own because I failed at basic enumeration. Most of the work to do this box was in finding the passwords laying around. Room: Mentor Difficulty: Medium UR...
Hack The Box Walkthrough - Awkward
This was a difficult box for me. I had to exploit a web application to get Remote Code Execution, find the userโs password in an notes file, then exploit the same application a second time to get r...
Hack The Box - Photobomb
In this easy box, I had to exploit a web application that allowed reformatting images to get remote code execution. Then I got root by exploiting a cleanup script with too many permissions. Roo...
Hack The Box - Ambassador
This was a really fun box where I had to use multiple vulnerabilities. There was a Local File Inclusion (LFI), credentials stored in clear, misconfiguration, and a Git repository with a token in it...
Hack The Box - UpDown
It took me a long time to get a foothold on that machine. But once I was in, getting the user and root was very easy. Room: UpDown Difficulty: Medium URL: https://app.hackthebox.com/machine...
Hack The Box - Shoppy
I had a hard time getting my initial access to this box. It required playing with Mongo Injection. And multiple enumerations of subdomains. Once on the box, getting root was quick. A reversing of a...
Hack The Box - Health
This was a difficult, but fun machine. It came out as an easy machine before being reclassified as medium. It took me a long time before I finally pwned it. It started with using a web application...
