HackTheBox - Surveillance
Surveillance from HackTheBox runs a CMS vulnerable to unauthenticated RCE, giving us a foothold. We find a SQL database backup that has a hash of a user, which we easily crack and get SSH access to...
Description: Hospital from HackTheBox is an Active Directory Domain Controller with a Linux container running a web server with an upload form that we abuse to get a shell on the VM. The lin...
Description: Codify from HackTheBox has a website that uses the vm2 sandbox to execute JavaScript code. The vm2 library is vulnerable to code execution, which we exploit to get a foothold on ...
Description: Analytics from HackTheBox is a pretty easy machine that revolves around CVEs. The first one is an unauthenticated command execution on MetaBase that gives us a foothold to a do...
Manager from HackTheBox is a domain controller where we run kerbrute to get the usernames. One user is using a weak password, allowing us to access mssql where we use xp-dirtree to find a bac...
Description: CozyHosting from HackTheBox is running a misconfigured Java framework leaking the cookie of a logged-in user, giving us access to the site. A command injection vulnerability is f...
Description: Keeper from HackTheBox is an easy box running a web application with default credentials where we find a password in one of the user profiles, giving us a foothold. On the system...
Description: On Sau from HackTheBox, we find a website vulnerable to SSRF that we exploit to access a web app that’s sitting behind a firewall. The web app is vulnerable to command injection gi...
Description: Dreaming from TryHackMe has a CMS vulnerable to file upload that leads to command execution. On the machine we find multiple files that contain cleartext passwords, we also fi...
Description: Hijack is a box with an NFS share where we find FTP credentials. On the FTP server we find a password list that we use to brute force our way into an administration web page vuln...