Buff @ HackTheBox
Buff is a 20-point Windows Machine on HackTheBox, created by egotisticalSW. It involves 2 simple public exploits and forwarding a port. User As usual we start with a portscan: nmap -Pn -sV -sC b...
Buff is a 20-point Windows Machine on HackTheBox, created by egotisticalSW. It involves 2 simple public exploits and forwarding a port. User As usual we start with a portscan: nmap -Pn -sV -sC b...
Sauna is a 20-point Windows Machine on HackTheBox. For user, we bruteforce usernames and then use ASREP-Roasting to obtain the hash of one the users. For root, we find the logon password for an acc...
Book is a 30-point Linux machine on HackTheBox. We log into a web application by exploiting SQL truncation and then use a Local File Inclusion vulnerability to obtain an SSH key. By exploiting a lo...
ForwardSlash is a 40-point Linux Machine on HackTheBox. We use a path traversal vulnerability to get ssh credentials and abuse a custom backup program to read an old configuration file. For root we...
Player2 is a 50-point Linux machine on HackTheBox. For user we do some web fuzzing, call a twirp method to get credentials, find hidden backup totp codes, and then bypass a signature check on a fir...
Monteverde is a 30-point Windows machine on HackTheBox that involves some LDAP and SMB enumeration to get the user flag. For root we exploit Azure AD Connect’s way of storing the password for the a...
Nest is a 20-point Windows machine on HackTheBox that involves searching through smb shares and analyzing 2 short custom programs.
P.O.O. Endgame is one of HackTheBox’s endgame labs and was just retired. It involves exploiting SQL Server Links & Active Directory ACLs. Thanks to mrb3n and eks for creating this fun lab!
Resolute is a 30-point Windows machine on HackTheBox that involves enumerating LDAP, Password Spraying, and using the DNSAdmins group to register a custom plugin DLL which allows us to execute code...
Rope is a 50-point machine on HackTheBox that involves 3 binary exploits. There is a format string vulnerability in the boxes’s webserver and a replaceable shared library used by a binary we can ru...