Buff is pretty straightforward: Use a public exploit against the Gym Management System, then get RCE. Do some port-forwarding, then use another exploit (buffer overflow against Cloudme Sync) to get...
Intense starts with code review of a Flask application where we find an SQL injection vulnerability that we exploit with a time-based technique. After retrieving the admin hash, we'll use a hash l...
Tabby was an easy box with simple PHP arbitrary file read, some password cracking, password re-use and abusing LXD group permissions to instantiate a new container as privileged and get root acces...
To solve Fuse, we'll do some enumeration to gather potential usernames from the print jobs information then build a password list from the strings on the website. After successfully password sprayi...
Dyplesher was a pretty tough box that took me more than 10 hours to get to the user flag. There's quite a bit of enumeration required to get to the git repo and then find memcached credentials from...
Blunder was an easy box for beginners that required bruteforcing the login for a Bludit CMS, then exploiting a known CVE through Metasploit to get remote code execution. The priv esc is a neat litt...
On Cache, we start off with bypassing a simple login form that uses client-side user/password validation, then find a vhost with a vulnerable OpenEMR application. After bypassing the login page, ob...
Blackfield was a fun Windows box where we get a list of potential usernames from an open SMB share, validate that list using kerbrute, then find and crack the hash of an account with the AS-REProas...
Admirer is an easy box with the typical "gobuster/find creds on the webserver" part, but after we use a Rogue MySQL server to read files from the server file system, then for privesc there's a cool...
Multimaster was a challenging Windows machine that starts with an SQL injection so we can get a list of hashes. The box author threw a little curve ball here and it took me a while to figure that t...