Search is a hard rated machine on HackTheBox created by dmw0ng. For the user part we will abuse a password being publicy posted in an image. This leads us to discovering of an account with SPN set ...
Hack The Box - Backdoor
Backdoor is an easy rated machine on HackTheBox created by hkabubaker17. For the user part we will abuse a wordpress plugin vulnerable to LFI to figure out gdbserver is running and listening on all...
Hack The Box - Toby
Toby is an insane rated machine on HackTheBox created by InfoSecJack. For the user part we will first fuzz a vhost on a webserver running gogs, where we find the backup of a wordpress installation ...
Hack The Box - Overflow
Overflow is a hard machine on HackTheBox created by Corruptedbl0ck. For the user part we will perform a padding oracle attack on the cookie of the website to gain access to the admin account. Admin...
Hack The Box - Shibboleth
Shibboleth is a medium machine on HackTheBox created by knightmare & mrb3n. For the user part we will abuse an open IPMI port to retrieve the password hash for a user which was reused for the z...
Hack The Box - Secret
Secret is an easy machine on HackTheBox created by z9fr. For the user part we will find the source code of a webapp which reveals a command injection vulnerability. This command injection can only ...
Hack The Box - Stacked
User Stacked is an insane reated machine on HackTheBox created by TheCyberGeek. For the user part we will abuse an XSS in a contact form referer header after fuzzing a vhost. Through this we dis...
Hack The Box - Devzat
Devzat is a medium rated machine on HackTheBox created by c1sc0. For the user part we will discover a command injection vulnerability by downloading an exposed git directory on a vhost. On the mach...
Hack The Box - Hancliff
Hancliffe is a hard rated machine on HackTheBox created by Revolt. For the user part we will abuse a path normalisation vulnerability and a CVE in nuxeo to achieve RCE and a foothold on the machi...
Hack The Box - Driver
Driver is an easy rated machine on HackTheBox created by MrR3boot. For the user part we will phish a user with a UNC path pointing to our machine in a scf file we can upload, capturing his hash wit...
