HackTheBox - Mailing
Mailing from HackTheBox is a Windows box running hMailServer and an IIS web server. The website is vulnerable to a file read, allowing us to read the hMailServer password. After that we use an...
Description: Usage from HackTheBox is running a website vulnerable to a SQL injection, allowing us to dump the database and get a password hash. We crack it and log in to an admin page runnin...
Description: Headless from HackTheBox is an easy box where we exploit an XSS vulnerability to get the admin cookie, which gives us access to the admin dashboard. There we find a command injection...
Description: Perfection from HackTheBox. The machine has a website for calculating weighted grades. There is a filter for malicious input, but it can be bypassed with a newline to exploit a ...
Description: Bizness from HackTheBox is running a version of Apache OFBiz vulnerable to authentication bypass and remote code execution, giving us a foothold on the server. After that we find...
Description: Creative from TryHackMe has a website vulnerable to SSRF, allowing us to read files on the system, so we read a private SSH key and get a foothold. A sudo entry with LD_PRELOAD i...
Description: Devvortex from HackTheBox runs a Joomla CMS vulnerable to information disclosure, where we get database credentials that also work for the administrator page. We log in and ...
Surveillance from HackTheBox runs a CMS vulnerable to unauthenticated RCE, giving us a foothold. We find a SQL database backup that has a hash of a user; we easily crack it and get SSH access to...
Description: Hospital from HackTheBox is an Active Directory Domain Controller with a Linux container running a web server with an upload form that we abuse to get a shell on the VM. The lin...
Description: Codify from HackTheBox has a website that uses the vm2 sandbox to execute JavaScript code. The vm2 library is vulnerable to code execution, which we exploit to get a foothold on ...