Certificate - With a twist Certificate starts off with a web app where I can create an account and upload zip files. I’ll upload a PHP web shell with a null byte to bypass the filter and obtain a ...

Puppy - with a key and lock? DPAPI dawg Puppy is another assumed-breach scenario machine from HackTheBox, where low-privileged levi.james is given. I use this account to collect BloodHound data an...

Certified - No Cert No Job! Certified was the first assumed breach scenario box onto HackTheBox. Low-Privileged user is provided which I’ll use to enumerate the domain and discover that judith.made...

Administrator - FullPowers! Administrator is the 2nd box on HackTheBox, which presents an assumed breach scenario. I’m given credentials for a low-privileged user, olivia, which I’ll use to enumer...

Baby - Pretty Little Baby Baby is a simple, nice, easy machine. The LDAP has anonymous access, and a password is left in the description of a user. The password works for another user but needs to ...

ReDelegate - Powers to low differently ReDelegate is another box from VL on HackTheBox. It’s a neat box where I start off with anonymous FTP access and discover a kdbx file. I have to crack the pa...

Media - They never spoke truth Media is a neat machine from VL onto HackTheBox. The box is hosting a custom PHP site on a XAMPP stack. I’ll start by leaking an NTLM hash of user enox via a media f...

Delegate - Powers to low Delegate, another VL box on HackTheBox. There is a BAT script with creds on an SMB share which can be used for further enumeration. This user has generic write over anothe...

Phantom - Darkness Unleashed Phantom is another box from Vulnlab on HackTheBox. It starts with me retrieving an email file from a share as a guest, which contains a base64-encoded PDF with a passw...

Bamboo - Printers goes wild! Is a Medium machine from Vulnlab where I’ll exploit a PaperCut CVE through a proxy to get the foothold and later will explore the PaperCut webapp alongside pspy runnin...

Shibuya - Not The Town Shibuya was rated medium on vulnlab when it came out, it’s hard rated machine on HTB now. I’ll enumerate possible usernames using kerbrute from where I can find an account r...

Forgotten - A Different one Forgotten is an easy rated machine from VL, where I’ll have to complete the installation of limesurvey software for which I have to setup MySQL on my local box. After th...

Reset - Something? Reset is an easy machine from Vunlab, Starts off with a website where I can reset the password of admin via reset password endpoint where password is returned in the response. Af...

Data – Loif A very-easy-difficulty machine from the VulnLab on Hack The Box. In this box, we exploit a known LFI vulnerability in Grafana, then escalate privileges via a sudo-assigned Docker exec ...

Box Info: The box is fairly simple, A webapp is being hosted which reveals another one, 2nd webapp has LFI which can be exploited to read the creds of tom user to login in tomcat instance, which is...

Box Info: Sea was an easy simple box featuring WonderCMS which is vulnerable to XSS and can be leveraged to RCE via uploading a malicious module. Enumerating system further, A database file can be ...

Box Info: Editorial was an easy box which featured a book publishing website vulnerable to SSRF. it can be used to gain access to internal API, Access to local API can reveal SSH cerds to the machi...

Box Info: Codfiy was an easy linux box featuring a web application where user can test Node.js code. Web application uses a vulnerable library vm2 which can be exploited to get a shell. Enumerating...

Privilege escalation with pacman. Pacman is Arch Linux’s package manager for installing, updating, and managing software with .pkg.tar.zst files via a simple command-line interface, If the us...

Box Info: Boardlight was an easy Linux box running a Dolibarr instance vulnerable to CVE-2023-30253. After gaining a foothold as www-data, the configuration files revealed plaintext credentials, le...

Box Info: Headless is an Easy Linux box features a simple web application which is vulnerable to Blind-XSS, With a simple payload XSS in Request header can get admin cookie, which then can be used ...

APT - Cubing 0x0s This was an Insane box that took 7 days for first blood and got poor reviews, with a hint added 11 days later. It’s still great for learning techniques that are relevant today. I ...