Sink is an insane rated machine on HackTheBox by MrR3boot which features a misconfiguration in a proxy that leads to HTTP request smuggling and access to a Gitea application. In the Gitea applicati...
Schooled is a medium rated box on HackTheBox created by TheCyberGeek. It involves some amount of enumeration to discover a vhost, XSS to get to a privileged user and a CVE in Moodle to get a foothold...
Unobtainium is a hard rated machine on HackTheBox by felamos. It involves exploiting object prototype pollution in an older lodash library chained together with a CVE in the google-cloudstorage-com...
Knife is an easy rated machine on HackTheBox by MrKN16H. For the user part we will abuse a backdoored PHP version, and for root, sudo rights on the Chef Workstation binary knife.
Proper is a hard rated machine on HackTheBox created by xct & jkr. For the user part we will abuse a SQLi in a web application. This leaves us with credentials to log into a licensing port...
CrossFitTwo is an insane rated machine on HackTheBox created by MinatoTW & polarbearer. For the user part we will first discover a WebSocket connecting to a vhost. This WebSocket application is...
Love is an easy rated machine on HackTheBox by pwnmeow. For user we will abuse an SSRF to bypass access checks on a webserver and gain access to a voting application. There we will upload a PHP web ...
TheNotebook is a medium difficulty machine on HackTheBox created by mostwanted002. For the user part we will exploit an RFI in a JWT-Auth mechanism, allowing us to forge our own certificate to sign ...
Armageddon is an easy rated machine on HackTheBox created by bertolis. For the user part we will abuse CVE-2018-7600 aka Drupalgeddon2. After gaining a foothold we will find the database credential...
Breadcrumbs is a hard rated machine on HackTheBox created by helich0pper. For the user part we will exploit an LFI in a webapp to get access to the PHP source code. With this we can forge two cookie...