HackTheBox

HackTheBox is an online platform that allows you to test and advance your skills in cyber security.

HackTheBox - Forge

Bypass SSRF filters using domain redirection and abusing Python PDB

Oct 15, 2022  ·  9 min read
linux ssrf vhost ffuf

HackTheBox - Secret

Secret starts with analyzing web source to recover a secret token from older …

Sep 28, 2022  ·  12 min read
linux core-dump jwt go

HackTheBox - Driver

Driver is also one of the machines listed in the HTB printer exploitation track. …

Sep 25, 2022  ·  6 min read
windows network-printer scf ntlm

HackTheBox - Intelligence

Intelligence brings some cool enumeration and exploitation techniques to own …

Sep 19, 2022  ·  12 min read
windows silver-ticket dns responder

HackTheBox - BountyHunter

BountyHunter features a website that is vulnerable to XXE attack. Exploiting it …

Nov 22, 2021  ·  7 min read
linux arbitrary-file-read xxe code-injection

HackTheBox - Nunchucks

SSTI in Nunjucks and SUID capability on Perl

Nov 07, 2021  ·  10 min read
linux ffuf ssti nunjucks

HackTheBox - Explore

Exploiting ES File Explorer and abusing ADB

Oct 30, 2021  ·  9 min read
android es-file-explorer cve-2019-6447 adb

HackTheBox - Return

Return is another machine listed in the HTB printer exploitation track. This …

Oct 24, 2021  ·  9 min read
windows network-printer server-operators printnightmare

HackTheBox - Antique

Antique is one of the machines listed in the HTB printer exploitation track. It …

Oct 20, 2021  ·  10 min read
linux network-printer snmp cups

HackTheBox - Dynstr

Dynstr imitates a company that offers a Dynamic DNS service. The provided API …

Oct 18, 2021  ·  12 min read
linux dns command-injection wildcard-injection

HackTheBox - Cap

Cap starts by identifying an IDOR vulnerability on its hosted website. Using …

Oct 14, 2021  ·  6 min read
linux idor linux-capabilities gtfobins

HackTheBox - Pit

As a medium difficulty box, Pit from Hack The Box has an interesting enumeration …

Oct 13, 2021  ·  15 min read
linux snmp seeddms cve-2019-12744

HackTheBox - Validation

Second-order SQL injection

Sep 24, 2021  ·  6 min read
linux sql-injection password-reuse

HackTheBox - Schooled

Moodle exploitation using CVEs

Sep 16, 2021  ·  11 min read
freebsd cve-2020-25627 cve-2020-14321 moodle

HackTheBox - Gobox

SSTI in Golang, abuse S3 bucket, and NGINX backdoor

Sep 12, 2021  ·  15 min read
linux s3 aws localstack

HackTheBox - Knife

Exploiting the backdoor planted in PHP 8.1-dev

Aug 28, 2021  ·  4 min read
linux php gtfobins sudo

HackTheBox - Love

Love from Hack The Box hosts a voting system application and an online file …

Aug 09, 2021  ·  10 min read
windows ssrf alwaysinstallelevated msi-installer

HackTheBox - TheNotebook

Abusing JWT key identifier and breaking out of a Docker container

Aug 07, 2021  ·  10 min read
linux jwt webshell cve-2019-5736

HackTheBox - Ophiuchi

Deserialization attack on YAML and reversing web assembly

Aug 06, 2021  ·  9 min read
linux yaml deserialization web-assembly

HackTheBox - Traverxec

Code execution with path traversal

Aug 06, 2021  ·  9 min read
linux nostromo command-injection metasploit

HackTheBox - Writeup

TIL: The staff group allows you to override binaries' executable paths.

Aug 06, 2021  ·  5 min read
linux cve-2019-9053 path-hijack

HackTheBox - Heist

Learn how RID cycling could be used for enumerating AD users

Jul 28, 2021  ·  9 min read
windows password-spray password-reuse procdump

HackTheBox - Armageddon

Pwning Drupal 7 CMS with Drupalgeddon and abusing Snap with malicious snap package

Jul 26, 2021  ·  10 min read
linux drupal7 metasploit dirty-sock

HackTheBox - Active

Finding passwords in Group Policy Preferences and roasting Kerberos

Jul 15, 2021  ·  9 min read
windows kerberoasting gpp-decrypt

HackTheBox - Shocker

Hands on with ShellShock vulnerability

Jul 13, 2021  ·  4 min read
linux shellshock cve-2014-6271 sudo

HackTheBox - Atom

Supplying a malicious update definition to Electron-updater

Jul 10, 2021  ·  10 min read
windows electron-builder electron-updater command-injection

HackTheBox - Spectra

Getting password from automatic login script of ChromeOS

Jun 26, 2021  ·  10 min read
linux chrome-os wordpress directory-listing

HackTheBox - Tenet

Friendly PHP insecure deserialization attack and race condition

Jun 14, 2021  ·  11 min read
linux wordpress php deserialization

HackTheBox - ScriptKiddie

Exploiting exploitation tools and command injection in a log file

Jun 14, 2021  ·  8 min read
linux metasploit cve-2020-7384 sudo

HackTheBox - Cereal (User)

Chaining XSS, SSRF, and deserialization vulnerabilities to get RCE

Jun 09, 2021  ·  13 min read
windows recover-git dotnet csharp

HackTheBox - Delivery

Exploiting a logic flaw called TicketTrick

May 25, 2021  ·  9 min read
linux tickettrick osticket mattermost

HackTheBox - Ready

Turns SSRF to remote code execution and escape from a Docker container

May 15, 2021  ·  9 min read
linux gitlab cve-2018-19571 cve-2018-19585

HackTheBox - Time

Exploiting an insecure deserialization on Jackson library and how to mitigate it

May 09, 2021  ·  9 min read
linux jackson java ssrf

HackTheBox - Doctor

Seven times seven is equal to SSTI

May 08, 2021  ·  8 min read
linux command-injection ssti splunk

HackTheBox - Passage

USBCreator LPE on Linux

May 07, 2021  ·  9 min read
linux cve-2019-11447 webshell ssh-key-reuse

HackTheBox - Omni

Unauthenticated RCE as SYSTEM on Windows 10 IoT

May 06, 2021  ·  6 min read
windows windows-iot sireprat pscredential

HackTheBox - Blackfield

Abusing Backup Operators group to dump Active Directory database

May 04, 2021  ·  11 min read
windows asrep-roasting bloodhound net-rpc

HackTheBox - Worker

Learn how Azure Pipelines can be abused

May 03, 2021  ·  12 min read
windows svn webshell azure-devops

HackTheBox - Buff

Tunneling with Chisel to deliver a buffer overflow exploit

May 01, 2021  ·  8 min read
windows webshell cloudme pwn

HackTheBox - SneakyMailer

Example of a phishing attack and PyPI package exploitation

Apr 28, 2021  ·  10 min read
linux smtp imap sylpheed

HackTheBox - Tabby

Abusing Tomcat manager-script roles and escalate to root with LXC container

Apr 26, 2021  ·  7 min read
linux lfi tomcat password-cracking

HackTheBox - Bucket

Pentesting against simulated AWS S3 Bucket

Apr 24, 2021  ·  14 min read
linux aws localstack s3

HackTheBox - Cascade

Plundering dead Active Directory accounts

Apr 23, 2021  ·  11 min read
windows active-directory smb vnc

HackTheBox - Laboratory

LFI to RCE on GitLab 12.8.1~12.9.0

Apr 17, 2021  ·  11 min read
linux gitlab cve-2020-10977 lfi

HackTheBox - APT

Enumerating network interfaces of a remote computer via MSRPC and exploit NTLMv1

Apr 17, 2021  ·  17 min read
windows ms-rpc ioxidresolver windows-registry

HackTheBox - Nest

Nest is one of my favorite machines after Forest, I learned a lot about …

Apr 16, 2021  ·  10 min read
windows smb alternate-data-stream dotn

HackTheBox - Magic

SQLi for login bypass and embed webshell to an image file

Apr 09, 2021  ·  6 min read
linux sql-injection exiftool upload-bypass

HackTheBox - Sauna

Learn basic exploitation of Active Directory

Apr 07, 2021  ·  5 min read
windows asrep-roasting bloodhound dcsync

HackTheBox - ServMon

Exploiting embedded system software

Apr 06, 2021  ·  6 min read
windows directory-traversal nvms-1000 nsclient

HackTheBox - Remote

Enumerating public NFS and gain access to sensitive files

Apr 05, 2021  ·  6 min read
windows nfs metasploit teamviewer

HackTheBox - Forest

Using BloodHound to discover abusable Active Directory groups

Apr 03, 2021  ·  7 min read
windows asrep-roasting bloodhound psdrive

HackTheBox - OpenAdmin

Exploiting OpenNetAdmin vulnerability and sudo nano

Apr 02, 2021  ·  6 min read
linux code-review webshell password-cracking