Registry is a 40-point machine on HackTheBox that involves interacting with a docker registry to download a docker image and finding a password and ssh private key inside. For root we exploit a fla...

Control is a 40-point windows machine on hackthebox that involves a sql injection which we use to upload a webshell. Then we modify the path of a service executable in the registry to become system...

Sniper is a 30-point machine on HackTheBox that involves abusing a remote file inclusion and uploading a crafted chm file which is opened automatically by the local administrator. Notes Remote ...

Forest is a 20-point active directory machine on HackTheBox that involves user enumeration, AS-REP-Roasting and abusing Active Directory ACLs to become admin. Notes To route your windows vm thr...

Postman is a 20-point machine on hackthebox, that involves using redis to write an ssh key to disk, cracking the password of a private key and exploiting a webmin vulnerability with metasploit. No...

Bankrobber is a 50-point machine on hackthebox that involves exploiting a cross site scripting vulnerability to gain access to an admin account, using a command injection to get a user shell and ex...

Scavenger is a 40 Point machine on hackthebox that involves a lot of enumeration, a SQL injection, and in my video, an unintended root by exploiting exim. Notes SQL injection: ') UNION (SELECT...

Dream Diary 3 is a 80 points pwn challenge on hackthebox that involes abusing a null byte overflow on the heap with glibc 2.29. All modern protections are enabled & seccomp is hindering us to c...

Zetta is 40-point machine on hackthebox. We will get the ipv6 address of the box via ftp, use rsync to get access to ssh and finally abuse a sql injection in rsyslogd to get root. User Flag Ope...

Json is a 30-point system on HackTheBox that involves exploiting a .NET deserialization vulnerability and has multiple ways for privilege escalation. You can reverse a binary, exploit ftp or use th...