Search is a hard rated machine on HackTheBox created by dmw0ng. For the user part we will abuse a password being publicly posted in an image. This leads us to the discovery of an account with SPN set ...
Backdoor is an easy rated machine on HackTheBox created by hkabubaker17. For the user part we will abuse a WordPress plugin vulnerable to LFI to figure out gdbserver is running and listening on all...
Toby is an insane rated machine on HackTheBox created by InfoSecJack. For the user part we will first fuzz a vhost on a webserver running Gogs, where we find the backup of a WordPress installation ...
Overflow is a hard machine on HackTheBox created by Corruptedbl0ck. For the user part we will perform a padding oracle attack on the cookie of the website to gain access to the admin account. Admin...
Shibboleth is a medium machine on HackTheBox created by knightmare & mrb3n. For the user part we will abuse an open IPMI port to retrieve the password hash for a user which was reused for the z...
Secret is an easy machine on HackTheBox created by z9fr. For the user part we will find the source code of a webapp which reveals a command injection vulnerability. This command injection can only ...
User
Stacked is an insane rated machine on HackTheBox created by TheCyberGeek. For the user part we will abuse an XSS in a contact form referer header after fuzzing a vhost. Through this we dis...
Devzat is a medium rated machine on HackTheBox created by c1sc0. For the user part we will discover a command injection vulnerability by downloading an exposed git directory on a vhost. On the mach...
Hancliffe is a hard rated machine on HackTheBox created by Revolt. For the user part we will abuse a path normalisation vulnerability and a CVE in Nuxeo to achieve RCE and a foothold on the machi...
Driver is an easy rated machine on HackTheBox created by MrR3boot. For the user part we will phish a user with a UNC path pointing to our machine in an SCF file we can upload, capturing his hash wit...