In this post I will walk through the process of creating a simple coverage based fuzzer. The code of this project is on available here. The general idea here is that you download the code and read ...

Writeup is a nice, medium difficulty machine on hackthebox, featuring the use of a publicly available sql injection exploit and a rather unique way to get root by using path poisoning. User Flag ...

Smasher2 is a difficult 50 points machine on hackthebox, involving some guessing to get the user flag (because the author left in an unintended solution), and a custom kernel exploit to get root. ...

Luke is a rather short, easy machine on hackthebox, which was nonetheless fun to solve and our team got both first bloods here. User & Root Flag We start with a quick tcp port scan and see th...

Ellingson is fun and quick 40 points machine on hackthebox, featuring the abuse of the python/flask werkzeug debugger, cracking a password and a custom binary exploit. User Flag We start by scann...

SwagShop is a very easy machine on hackthebox, involving a public exploit and sudo abuse. User Flag We start with a quick port scan: PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2...

Ghoul is a nice 40 points machine on hackthebox involving zip traversal, lateral movement, public exploits and some obscure hidden password in a git repository ;) User Flag As usual we start with...

Onetwoseven is a great machine on hackthebox, featuring symbolic links, port forwarding through sftp and some typical web application exploitation. For escalation of privilege we abuse sudo apt-get...

Unattended is a high difficulty machine on hackthebox, featuring manual sql injection, log poisoning and some guessing. User Flag Starting with a tcp port scan we get the following result: 80/tc...

Bastion is an easy 20 points machine on hackthebox. It is about mounting a .vhd file over the network, retrieving password hashes from backups (via SAM) and a privilege escalation that involves sto...