Categories

TryHackMe

TryHackMe: Crocc Crew

12 minute read

This box is rated insane difficulty on THM and has a general theme of hacking an already compromised Domain Controller to discover the trail left behind by t...

TryHackMe: Enterprise

9 minute read

This box is rated hard difficulty on THM. It involves us discovering an Atlassian BitBucket instance running on a higher HTTP port, leading us to a GitHib re...

TryHackMe: Bookstore

8 minute read

This box is rated medium difficulty on THM. It involves us discovering an old API parameter that allows us to read files on the web server. Using this grab t...

TryHackMe: Plant Photographer

15 minute read

This box is rated hard difficulty on THM. It involves us finding an SSRF vulnerability that allows access to internal resources on the web server. Using that...

TryHackMe: Reset

7 minute read

This box is rated hard difficulty on THM. It involves us AS-REP roasting a user’s hash in order to get an initial foothold on the system. From there we abuse...

TryHackMe: Fusion Corp

12 minute read

This box is rated hard difficulty on THM. It involves us discovering an employee spreadsheet in a backup directory on the web server that leads to AS-REP roa...

TryHackMe: Extract

11 minute read

This box is rated hard difficulty on THM. It involves us exploiting a Server-Side Request Forgery attack to enumerate an internal web server and bypassing a ...

TryHackMe: Ledger

12 minute read

This box is rated hard difficulty on THM. It involves us finding default credentials for domain users through LDAP anonymous binds and abusing a misconfigura...

TryHackMe: The London Bridge

11 minute read

This box is rated medium difficulty on THM. It involves us discovering an SSRF vulnerability on a website that allows for internal service enumeration. We fi...

TryHackMe: Motunui

15 minute read

This box is rated hard difficulty on THM. It involves us grabbing a network packet capture file from SMB which holds a development virtual host inside of a P...

TryHackMe: Broker

5 minute read

This box is rated medium difficulty on THM. It involves us using default credentials to log into an ActiveMQ instance as Admin. That discloses the version wh...

TryHackMe: Operation Endgame

7 minute read

This box is rated hard difficulty on THM. It involves us Kerberoasting a user who’s SPN we can modify and abusing Guest permissions to perform an RBCD attack...

TryHackMe: Wekor

14 minute read

This box is rated medium difficulty on THM. It involves us discovering an eCommerce website that’s vulnerable to SQL injection and a subdomain hosting Wordpr...

TryHackMe: Blueprint

5 minute read

This box is rated easy difficulty on THM. It involves us finding a version of OsCommerce that is vulnerable to RCE which grants us a high-level shell on the ...

TryHackMe: Napping

7 minute read

This box is rated medium difficulty on THM. It involves us peforming a reverse tabnabbing attack to steal administrator credentials on a website. That same p...

TryHackMe: Kitty

9 minute read

This box is rated medium difficulty on THM. It involves us exploiting a blind-based SQL injection to dump user credentials on the website. Doing so rewards u...

TryHackMe: Olympus

10 minute read

This box is rated medium difficulty on THM. It involves us exploiting a SQL injection in an old CMS site, which leads to dumping user credentials. Using a re...

TryHackMe: Dogcat

6 minute read

This box is rated medium difficulty on THM. It involves us exploiting a PHP web application via LFI to gain Remote Code Execution by poisoning access logs. T...

TryHackMe: Rabbit Hole

10 minute read

This box is rated hard difficulty on THM. It involves us finding out that a web application is vulnerable to Second-Order SQL injection, which could be used ...

TryHackMe: CupidCards

14 minute read

This box is rated hard difficulty on THM and is apart of the advanced track in the Love at First Breach ‘26 event. It involves us getting LFI/RCE in the webs...

TryHackMe: Rocket

17 minute read

Box link– https://tryhackme.com/room/rocket

TryHackMe: Exfilibur

9 minute read

This box is rated hard difficulty on THM. It involves us exploiting a web application built with BlogEngine to get a reverse shell through three CVEs. Once o...

TryHackMe: Moebius

17 minute read

This box is rated hard difficulty on THM. It involves us exploiting SQL injection to extract an HMAC-SHA256 signing secret, allowing us to perform a PHP filt...

TryHackMe: RazorBlack

7 minute read

This box is rated medium difficulty on THM. It involves us exploiting plenty of Active Directory components to pivot through accounts and find grab a remote ...

TryHackMe: Mountaineer

15 minute read

This box is rated hard difficulty on THM. It involves us finding a Wordpress application that’s vulnerable to LFI, allowing us to read the server’s configura...

TryHackMe: Mnemonic

8 minute read

This box is rated medium difficulty on THM. It involves us brute forcing a few protected files to gain SSH access to the box as a low-level user. Then, we re...

TryHackMe: Mindgames

4 minute read

This box is rated medium difficulty on THM. It involves us using a lesser-known programming language to grab a reverse shell on the web server, along with es...

TryHackMe: Temple

12 minute read

This box is rated hard difficulty on THM. It involves us enumerating a python webapp to find an old register API. Then, we grab a shell on the box with SSTI ...

TryHackMe: Sea Surfer

14 minute read

This box is rated hard difficulty on THM. It involves us chaining SSRF to an LFI vulnerability in order to read files on the web server. Doing so gives us ad...

TryHackMe: Backtrack

11 minute read

This box is rated medium difficulty on THM. It involves us exploiting directory traversal vulnerabilities in a few applications to grab low-level shells on t...

TryHackMe: Adventure Time

12 minute read

This box is rated hard difficulty on THM and is more of a game then a realistic box. It involves us enumerating various directories in a subdomain on HTTPS t...

TryHackMe: Athena

8 minute read

This box is rated medium difficulty on THM. It involves us exploiting command substitution to grab a reverse shell through a custom pinging tool, as well as ...

TryHackMe: Second

10 minute read

This box is rated hard difficulty on THM. It involves us exploiting a second-order SQL injection vulnerability to dump user credentials, finding SSTI in a si...

TryHackMe: Misguided Ghosts

13 minute read

This box is rated hard difficulty on THM. It involves us port knocking to access a Werkzeug web server, exploiting XSS to steal an admin session, grabbing a ...

TryHackMe: CMesS

7 minute read

This box is rated medium difficulty on THM. It involves us enumerating a developer subdomain to find a temporary password used at an administrator panel. The...

TryHackMe: Racetrack Bank

7 minute read

This box is rated hard difficulty on THM. It involves us exploiting a race conditions to add gold to our account, allowing us to buy premium functions on the...

TryHackMe: Biblioteca

5 minute read

This box is rated medium difficulty on THM. It involves us exploiting SQL injection to grab low level user credentials, brute forcing another user’s login, a...

TryHackMe: The Marketplace

6 minute read

This box is rated medium difficulty on THM. It involves us using an XSS vulnerability to capture an admin token on a website which leads to a dumping a datab...

TryHackMe: Tempus Fugit Durius

13 minute read

This box is rated hard difficulty on THM and directly translates to “Time flies harder”. 

TryHackMe: Road

5 minute read

This box is rated medium difficulty on THM. It involves us updating an admin account’s password using a built-in function on the webpage which allows us to u...

TryHackMe: HackPark

4 minute read

This box is rated medium difficulty on THM. It involves us brute forcing an admin login page with hydra, exploiting a known vulnerability within a blog engin...

TryHackMe: Hack Smarter Security

7 minute read

This box is rated medium difficulty on THM and has a cool theme revolving around hacking an APT hacking group to find out who they’re targeting next.

TryHackMe: 0day

3 minute read

This box is rated medium difficulty on THM. It involves us using the Shellshock vulnerability to get RCE on the system which grants us a shell, and abusing a...

TryHackMe: Set

13 minute read

This box is rated hard difficulty on THM and is the third installment in the Windcorp series. It involves us finding an exposed XML file containing employee ...

TryHackMe: Gatekeeper

7 minute read

This box is rated medium difficulty on THM. It involves abusing buffer overflow on a vulnerable binary found on an SMB share and extracting credentials from ...

TryHackMe: Revenge

3 minute read

This box is rated medium difficulty on THM and is the sequel to Blog. It has a pretty funny storyline as after we hacked his blog page, Billy Joel makes a sh...

TryHackMe: EnterPrize

9 minute read

This box is rated hard difficulty on THM; it’s absolutely brutal so prepare yourself.

TryHackMe: Dave’s Blog

6 minute read

This box is rated hard difficulty on THM. It involves using NoSQL injection in JSON format to bypass a login panel, getting a reverse shell with the site’s b...

TryHackMe: Ra 2

12 minute read

Box link– https://tryhackme.com/room/ra2

TryHackMe: Intranet

8 minute read

This box is rated medium difficulty on THM and has many web parts for us to attack. It involves us brute forcing an account and OTP code with custom wordlist...

TryHackMe: Relevant

6 minute read

This box is rated medium difficulty on THM and is a simulation of a real intermediate penetration test. It involves us uploading an aspx shell via an SMB sha...

TryHackMe: Looking Glass

6 minute read

This box is rated medium difficulty on THM. It involves us finding the correct SSH port with a binary search, solving a Vigenère cipher to get credentials fo...

TryHackMe: Blog

8 minute read

This box is rated medium difficulty on THM. It involves us brute forcing a Wordpress login, grabbing a low level shell via a known upload vulnerability, and ...

TryHackMe: Different CTF

7 minute read

This box is rated hard difficulty on THM. It involves us brute forcing steganography on an image using a wordlist found with it, uploading a shell via FTP &a...

TryHackMe: Binex

4 minute read

This box is rated medium difficulty on THM, it’s centered around us finding login credentials and exploiting three binaries in different ways.

TryHackMe: Ra

7 minute read

Box link– https://tryhackme.com/room/ra

TryHackMe: Inferno

5 minute read

This box is rated medium difficulty on THM, it involves us brute forcing a login panel, exploiting a known vulnerability within the Codiad framework, and esc...

TryHackMe: Zeno

3 minute read

Zeno is a medium-ranked difficulty box on TryHackMe, it requires us to enumerate the system’s attack surface, exploit an outdated service, and abuse service ...

TryHackMe: Wonderland

2 minute read

Wonderland is a medium-difficulty ranked box on TryHackMe, it involves enumerating a webpage and good knowledge of linux privilege escalation to grab root ac...

TryHackMe: Tech_Supp0rt 1

3 minute read

This box is ranked easy-difficulty on TryHackMe, it involves enumerating SMB shares and escalating privileges in order to foil a tech scammer’s plans to defr...

TryHackMe: Startup

2 minute read

This is an easy-difficulty ranked box, it involves us uploading a reverse shell via FTP anonymous login and escalating privileges by snooping around files an...

TryHackMe: Soupedecode 01

3 minute read

This TryHackMe box is ranked as an easy-difficulty box that aims to test our Active Directory enumeration skills. We must compromise a domain controller by e...

TryHackMe: Smol

3 minute read

Smol is a medium difficulty room on TryHackMe that requires us to exploit a WordPress website and perform privilege escalation in order to grab both flags.

TryHackMe: Retro

2 minute read

This box is ranked hard difficulty on THM, it involves us enumerating a webpage, leading to leaked RDP credentials, and finally escalating privileges to Admi...

TryHackMe: Overpass

3 minute read

This box is ranked easy-difficulty on TryHackMe and is one of the most popular challenges as it puts our fundamentals to the test. The goal is to exploit a p...

TryHackMe: One Piece

4 minute read

One Piece is a medium difficulty room on TryHackMe that tests our enumeration, cryptography, and privilege escalation skills.

TryHackMe: Kenobi

2 minute read

This is an easy ranked box on THM, it involves enumerating Samba shares, exploiting a vulnerable version of ProFtpd, and privilege escalation through Path Va...

TryHackMe: Internal

4 minute read

This box is rated hard difficulty on THM, it involves us exploiting WordPress to grab a low level shell on the system, port forwarding an internal Jenkins ap...

TryHackMe: Include

5 minute read

This box is ranked medium-difficulty on THM, it involves us escalating privileges on a web application, SSRF on an internal API to read admin credentials, an...

TryHackMe: Harder

4 minute read

This box is ranked medium difficulty on THM, it consists of enumerating hidden endpoints on a web server, exploiting code to bypass authentication, and a coo...

TryHackMe: Hammer

5 minute read

This box is ranked as medium-difficulty and requires us to use our exploitation skills to bypass authentication mechanisms on a website and get Remote Code E...

TryHackMe: Gallery

2 minute read

This box is ranked easy-difficulty and involves enumeration, bypassing a login form, uploading a reverse shell, and escalating privileges to grab both flags.

TryHackMe: Daily Bugle

2 minute read

This box is ranked hard-difficulty on TryHackMe, it involves us using SQLi to compromise a Joomla CMS account, cracking hashes, and a unique privilege escala...

TryHackMe: Boiler CTF

2 minute read

This is a medium-ranked difficulty box, it involves us dodging plenty of rabbit holes, exploiting command injection on an obscure endpoint, and escalating pr...

TryHackMe: Agent Sudo

2 minute read

This Men In Black-esque CTF is catered towards beginners and puts a good range of skills to the test. Overall, it was a fun challenge.

TryHackMe: Willow

3 minute read

This box is ranked medium on THM, it involves us mounting a file share to get access to RSA key pair integers, which we can use to recover an SSH private key...

TryHackMe: Watcher

3 minute read

This box is rated medium difficulty on THM. It involves us exploiting an LFI vulnerability to leak credentials, uploading a reverse shell via FTP, and pivoti...

TryHackMe: Tomghost

2 minute read

This box is ranked easy difficulty on THM, it involves us exploiting Apache Jserv to read files arbitrarily, leading to an encrypted pgp file and a binary ex...

TryHackMe: The Great Disappearing Act

12 minute read

This box is the first of five side quest challenges in THM’s Advent of Cyber ’25. It’s ranked hard difficulty and is easily the most time consuming of all. I...

TryHackMe: Jurassic Park

4 minute read

This box is rated hard difficulty on THM, it involves us using SQL injection to dump passwords, using a known binary exploit with Sudo to grab root privilege...

TryHackMe: Jack

7 minute read

This box is rated hard difficulty on THM. It involves us brute forcing a WordPress website with XML-RPC enabled, updating our profile to allow for admin perm...

TryHackMe: Iron Corp

5 minute read

This box is rated hard difficulty on THM. It involves us brute forcing an admin login on a subdomain, grabbing a shell via SSRF in a query search function, a...

TryHackMe: Injectics

4 minute read

This box is ranked medium difficulty on THM and is a sort of capstone challenge to the Injection Attacks module, so all methods will be of that nature.

TryHackMe: Decryptify

6 minute read

This box is ranked medium difficulty on THM, it involves us reversing a cryptographic API to generate a valid invite code so we can login to a webpage. Then,...

TryHackMe: Chocolate Factory

3 minute read

This box is ranked easy difficulty on THM, it involves us getting a hash via steganography on a jpg, grabbing a shell with RCE on a webpage, using sudo to es...

TryHackMe: Cherry Blossom

4 minute read

This box is ranked hard difficulty on THM, it involves us employing plenty of cryptographic methods in order to crack encrypted archives and passwords. We th...

TryHackMe: BreachBlocker Unlocker

11 minute read

This box is the final side quest for THM’s Advent of Cyber ‘25, it is ranked hard difficulty and involves enumerating server files, pivoting through applicat...

TryHackMe: Biohazard

4 minute read

This box is ranked medium difficulty on THM and is centered around the Resident Evil game. The overarching challenge of this box is cryptography and enumerat...

TryHackMe: Anonymous Playground

5 minute read

This box is ranked hard difficulty on THM, it involves us decrypting a special string which grants us SSH creds to the system. Then, we exploit a custom bina...

TryHackMe: Anonymous

3 minute read

This box is ranked medium difficulty on THM, it involves us uploading a reverse shell using FTP anonymous login and then abusing a SUID bit set on an importa...

TryHackMe: Year of the Rabbit

3 minute read

This box is rated easy difficulty on THM. It involves us brute forcing an FTP login after finding a password list from hidden image data, decoding an obscure...

TryHackMe: K2

17 minute read

Box link– https://tryhackme.com/room/k2room

Back to Top ↑

HackTheBox

HackTheBox: Vintage

15 minute read

This box is rated hard difficulty on HTB. It involves us enumerating a pre-created machine account whose password is the same as its samAccountName value. Fr...

HackTheBox: Cerberus

17 minute read

This box is rated hard difficulty on HTB. It involves us compromising a Linux web server running an outdated version of Icinga Web 2 through a File Disclosur...

HackTheBox: Search

14 minute read

This box is rated hard difficulty on HTB. It involves us finding a plaintext user password in one of the website’s images and using that account to Kerberoas...

HackTheBox: Phantom

13 minute read

This box is rated medium difficulty on HTB. It involves us finding a default password in an onboarding PDF located inside of a Guest-readable SMB share. Spra...

HackTheBox: Sizzle

23 minute read

This box is rated insane difficulty on HTB. It involves finding a writeable directory in an SMB share that we mounted, leading to an NTLMv2 hash theft and th...

HackTheBox: Zipper

12 minute read

This box is rated hard difficulty on HTB. It involves us discovering a Zabbix instance on a web server that allows for guest logins. Using an event notice, w...

HackTheBox: Sekhmet

24 minute read

This box is rated insane difficulty on HTB. It involves us getting a foothold on a domain-joined Linux web server through insecure deserialization. Then we d...

HackTheBox: Cereal

19 minute read

This box is rated hard difficulty on HTB. It involves us finding a subdomain with an exposed code repository, leading us to forge a valid JWT with a secret k...

HackTheBox: Rebound

16 minute read

This box is rated insane difficulty on HTB. It involves us performing unauthenticated Kerberoasting via AS-REP Roasting and cracking the hash in order to get...

HackTheBox: Freelancer

16 minute read

This box is rated hard difficulty on HTB. It involves us registering an account on a website where we can reset our password in order to bypass an activation...

HackTheBox: Falafel

13 minute read

This box is rated hard difficulty on HTB. It involves us grabbing password hashes from a website vulnerable to Time-Based SQL injection, letting us login. Us...

HackTheBox: Haze

13 minute read

This box is rated hard difficulty on HTB. It involves us discovering a path traversal vulnerability in Splunk that lets us grab an encrypted LDAP bind passwo...

HackTheBox: Arkham

10 minute read

This box is rated medium difficulty on HTB. It involves us discovering a LUKS encrypted backup image on a non-standard SMB share that gives us access to the ...

HackTheBox: Absolute

15 minute read

This box is rated insane difficulty on HTB. It involves us creating a username wordlist via image metadata pulled from a website which is used to AS-REP Roas...

HackTheBox: Scepter

14 minute read

This box is rated hard difficulty on HTB. It involves us discovering a private key and certificate in an NFS export that can be used to get a user’s NTLM has...

HackTheBox: Multimaster

16 minute read

This box is rated insane difficulty on HTB. It involves us discovering a search function on the website that is prone to SQL injection, which requires encodi...

HackTheBox: Holiday

9 minute read

This box is rated hard difficulty on HTB. It involves us finding a login page which is vulnerable to SQL injection, allowing us to dump the users table to ge...

HackTheBox: VulnCicada

10 minute read

This box is rated medium difficulty on HTB. It involves us discovering a password within an image on an NFS share, giving us valid domain credentials. We fin...

HackTheBox: Pov

9 minute read

This box is rated medium difficulty on HTB. It involves us discovering a developer subdomain on a web server that has a file read vulnerability in a download...

HackTheBox: Mailroom

15 minute read

This box is rated hard difficulty on HTB. It involves us chaining Cross-Site Scripting with Cross-Site Request Forgery in order to perform NoSQL injection on...

HackTheBox: CrimeStoppers

10 minute read

This box is rated hard difficulty on HTB. It involves us combining a file upload with an LFI vulnerability to get a reverse shell on the machine as www-data....

HackTheBox: Media

8 minute read

This box is rated medium difficulty on HTB. It involves us exploiting a file upload feature on a website in order to capture a user’s NTLMv2 hash and crack i...

HackTheBox: Irked

6 minute read

This box is rated easy difficulty on HTB. It involves us discovering a backdoor vulnerability within an outdated IRC server, allowing us to execute commands ...

HackTheBox: Fluffy

14 minute read

This box is rated easy difficulty on HTB. It involves us grabbing a PDF from an available SMB share that hints at unpatched CVEs on the Domain Controller. Us...

HackTheBox: Puppy

9 minute read

This box is rated medium difficulty on HTB. It involves adding ourselves to a Developers group to gain access to an SMB share containing a password-protected...

HackTheBox: Voleur

13 minute read

This box is rated medium difficulty on HTB. It involves us configuring our system for Kerberos authentication in order to grab a password-protected excel spr...

HackTheBox: Authority

14 minute read

This box is rated medium difficulty on HTB. It involves us discovering Ansible vault passwords in an exposed SMB share. After cracking the corresponding pass...

HackTheBox: Redelegate

15 minute read

This box is rated hard difficulty on HTB. It involves us discovering a KeePass database file on an FTP server allowing anonymous logins. After cracking the p...

HackTheBox: Forest

9 minute read

This box is rated easy difficulty on HTB. It involves us enumerating LDAP through anonymous binds, creating a wordlist that can be used to AS-REP Roast a ser...

HackTheBox: Access

5 minute read

This box is rated easy difficulty on HTB. It involves us pillaging an FTP server to grab a Microsoft Access Database file and an encrypted Zip archive. After...

HackTheBox: Remote

7 minute read

This box is rated easy difficulty on HTB. It involves us discovering an NFS share which can be mounted to grab a backup of the website. Digging through the s...

HackTheBox: Popcorn

6 minute read

This box is rated medium difficulty on HTB. It involves us finding a file upload vulnerability in a Torrent Hosting application that allows us to execute a r...

HackTheBox: Love

8 minute read

This box is rated easy difficulty on HTB. It involves us finding an SSRF vulnerability on a file scanning application that allows us to view an internal pass...

HackTheBox: Mentor

13 minute read

This box is rated medium difficulty on HTB. It involves brute-forcing an SNMP community string which leads to us finding a password being used an argument. U...

HackTheBox: Jarvis

9 minute read

This box is rated medium difficulty on HTB. It involves us finding a SQL injection vulnerability in a custom web application that allows us to dump a databas...

HackTheBox: Querier

8 minute read

This box is rated medium difficulty on HTB. It involves us enumerating an SMB share to collect an Excel spreadsheet with macros enabled. Inspecting the VBA d...

HackTheBox: Snapped

18 minute read

This box is rated hard difficulty on HTB. It involves us finding a backup API on the site’s admin virtual host, allowing us to create a backup of nginx confi...

HackTheBox: Heist

10 minute read

This box is rated easy difficulty on HTB. It involves us finding a Support site that allows guest logins. On the site, we read a chat history between a user ...

HackTheBox: Certified

14 minute read

This box is rated medium difficulty on HTB. It involves us enumerating ACLs to pivot between users, eventually landing on the CA_Operator account. Using this...

HackTheBox: Dog

6 minute read

This box is rated easy difficulty on HTB. It involves us discovering an exposed Git repository on a content management site that gives us user credentials. A...

HackTheBox: LinkVortex

9 minute read

This box is rated easy difficulty on HTB. It involves us discovering a developer virtual host that contains an exposed Git directory. After downloading all t...

HackTheBox: Mailing

12 minute read

This box is rated easy difficulty on HTB. It involves us discovering an LFI vulnerability in the website, which allows us to get the hMailServer’s Administra...

HackTheBox: Administrator

8 minute read

This box is rated medium difficulty on HTB. It involves us enumerating Access Control Lists (ACLs) over privileged objects in order to pivot between several ...

HackTheBox: ServMon

9 minute read

This box is rated easy difficulty on HTB. It involves us discovering the location of a password list over anonymous FTP login, and utilizing a vulnerable NVM...

HackTheBox: Editor

9 minute read

This box is rated easy difficulty on HTB. It involves us finding a virtual host on a website running a vulnerable version of Xwiki. We can get RCE on the sys...

HackTheBox: Manager

11 minute read

This box is rated medium difficulty on HTB. It involves us enumerating domain users by brute-forcing RIDs and password spraying to get valid credentials for ...

HackTheBox: CozyHosting

10 minute read

This box is rated easy difficulty on HTB. It involves us enumerating a Spring Boot web application to find an exposed actuator endpoint which allows us to st...

HackTheBox: Timelapse

5 minute read

This box is rated easy difficulty on THM. It involves us extracting a certificate and private key from a PFX file on an SMB share to get a shell via WinRM, g...

HackTheBox: Tombwatcher

14 minute read

This box is rated medium difficulty on HTB. It involves us pivoting between user accounts with GMSA, targeted Kerberoasting, force changing passwords, and gr...

HackTheBox: Monitored

15 minute read

This box is rated medium difficulty on HTB. It involves us gathering credentials over SNMP which can be used for a disabled account on the website. Using the...

HackTheBox: BoardLight

7 minute read

This box is rated easy difficulty on HTB. It involves us using default credentials on a subdomain that’s running a CRM site. Being an outdated version, we ca...

HackTheBox: Soccer

9 minute read

This box is rated easy difficulty on HTB. It involves us getting administrative access to a file manager website using default credentials and exploiting a p...

HackTheBox: Flight

12 minute read

This box is rated hard difficulty on HTB. It involves LFI, NTLM theft, password spraying, uploading reverse shells, plenty of enumeration, port forwarding, a...

HackTheBox: Cicada

6 minute read

This box is rated easy difficulty on THM. It involves using Guest authentication to discover a default password on an SMB share, finding more passwords throu...

HackTheBox: Usage

7 minute read

This box is rated easy difficulty on HTB. It involves us exploiting SQL injection to dump a web application’s database and sign in as an Administrator. Then ...

HackTheBox: Keeper

5 minute read

This box is rated easy difficulty on HTB. It involves us logging into a ticket support site with default credentials which leads to grabbing a plaintext pass...

HackTheBox: Jeeves

6 minute read

This box is rated medium difficulty on HTB. It involves us grabbing a reverse shell by using Jenkins’ script console, decrypting a KeePass database file to g...

HackTheBox: Magic

7 minute read

This box is rated medium difficulty on HTB. It involves us bypassing both a login page via SQL injection and a file upload filter by manipulating magic bytes...

HackTheBox: Builder

4 minute read

This box is rated medium difficulty on HTB. It involves us exploiting a vulnerable Jenkins application to read files on the server. Parsing XML files grants ...

HackTheBox: Networked

8 minute read

This box is rated easy difficulty on HTB. It involves us bypassing file upload filters to get a shell on the box as Apache, exploiting a vulnerable cronjob t...

HackTheBox: Editorial

8 minute read

This box is rated easy difficulty on HTB. It involves us using an SSRF vulnerability within the site’s upload feature to fuzz for internal APIs. In doing, so...

HackTheBox: Pandora

8 minute read

This box is rated easy difficulty on THM. It involves us gathering plaintext credentials via SNMP to get a shell on the system, port forwarding an internal w...

HackTheBox: Broker

5 minute read

This box is rated easy difficulty on THM. It involves us guessing default credentials on a webserver to disclose what version of ActiveMQ is running. Looking...

HackTheBox: Cascade

10 minute read

This box is rated medium difficulty on THM. It involves us enumerating LDAP to find that a user’s account contains a legacy password attribute that we can us...

HackTheBox: Intentions

14 minute read

This box is rated hard difficulty on HTB. It involves us grabbing Bcrypt hashes through second-order SQL injection, getting RCE on the site via the Imagick P...

HackTheBox: StreamIO

15 minute read

This box is rated medium difficulty on HTB and took me a very long time to complete. It involves us dumping the website’s database via MSSQL injection, explo...

HackTheBox: Blackfield

7 minute read

This box is rated hard difficulty on HTB. It involves us enumerating valid users via SMB guest authentication and AS-REP roasting a support account which giv...

HackTheBox: Monteverde

4 minute read

This box is rated medium difficulty on HTB. It involves us password spraying on SMB to find an XML file with user credentials inside, as well as abusing Azur...

HackTheBox: UpDown

9 minute read

This box is rated medium difficulty on HTB. It involves us getting access to a developer subdomain via an exposed Git repository on the main site. Then, we g...

HackTheBox: Sau

4 minute read

This box is ranked easy difficulty on HTB. It involves us exploiting an SSRF vulnerability to forward a web server running internally on port 80. Then, we us...

HackTheBox: Escape

9 minute read

This box is rated medium difficulty on HTB. It involves us finding msSQL credentials inside of a PDF on an SMB share, which allows us to logon as a service a...

HackTheBox: Busqueda

4 minute read

This box is rated easy difficulty on HTB. I’m starting to go down the list on TJNull’s OSCP-like boxes list for good practice and get a head start on what I ...

Back to Top ↑

Personal

Masterpiece

6 minute read

This is vulnerable machine was a side project of mine that also served as great practice for Python, web exploitation, and Linux privilege escalation techniq...

Back to Top ↑

Research

Back to Top ↑

Tooling

Back to Top ↑