Intelligence is a medium rated machine on HackTheBox by Micah. For the user part we will find default credentials through an IDOR vulnerability on a website hosting PDF's. This will give us a...
BountyHunter is an easy rated machine on HackTheBox created by ejedev. For the user part we will abuse an XXE vulnerability in a Bounty Report System to read the source of the website containing cr...
Seal is a medium rated machine on HackTheBox by MrR3boot. For the user part we will find the default credentials for a Tomcat installation inside a GitBucket repository and bypass mutual authentic...
Pivotapi is an insane rated machine on HackTheBox created by CyberVaca and 3v4Si0N. For the user part we will identify a username in the metadata of a PDF we download from an FTP share. This user h...
Explore is an easy rated machine on HackTheBox by bertolis. For the user part we will exploit an open port for ES File Explorer to retrieve SSH credentials in a JPG file. After this we will ab...
Spider is a hard rated machine on HackTheBox created by InfoSecJack. This machine is all about web exploitation. For the user part we will first exploit an SSTI in the registration process whi...
Dynstr is a medium rated box on HackTheBox by jkr. To get a foothold we will abuse a command injection vulnerability in a DNS update service. After this we will change the machine's DNS entries to ...
Monitors is a hard rated machine on HackTheBox created by TheCyberGeek. To get user we exploit an LFI vulnerability in a WordPress plugin to discover another vhost. The Cacti application running th...
Cap is an easy rated machine on HackTheBox by InfoSecJack. For the user part we will find credentials for the FTP service in a pcap by abusing IDOR. These credentials are reused for SSH which gives...
Pit is a medium rated machine on HackTheBox created by polarbearer and GibParadox, which is built all around SNMP. We will use SNMP to obtain a directory structure for a website running an applicat...