Monteverde is a 30-point Windows machine on HackTheBox that involves some LDAP and SMB enumeration to get the user flag. For root we exploit Azure AD Connect’s way of storing the password for the a...

Nest is a 20-point Windows machine on HackTheBox that involves searching through smb shares and analyzing 2 short custom programs.

P.O.O. Endgame is one of HackTheBox’s endgame labs and was just retired. It involves exploiting SQL Server Links & Active Directory ACLs. Thanks to mrb3n and eks for creating this fun lab!

Resolute is a 30-point Windows machine on HackTheBox that involves enumerating LDAP, Password Spraying, and using the DNSAdmins group to register a custom plugin DLL which allows us to execute code...

Rope is a 50-point machine on HackTheBox that involves 3 binary exploits. There is a format string vulnerability in the boxes’s webserver and a replaceable shared library used by a binary we can ru...

Patents is a 40-point Linux machine on HackTheBox. For user we exploit an external entity injection in a word document and a local file inclusion that involves path traversal and calculating the na...

Obscurity is a 30-point Linux machine on HackTheBox that involves exploiting a command injection in a custom webserver, breaking a simple cipher and abusing file system permissions to get root. ...

OpenAdmin is a 20-Point Linux machine on HackTheBox that involves using a public exploit for OpenNetAdmin & abusing a sudo entry for nano.

Mango is a 30-point linux machine on hackthebox that involves a NoSQL-Injection which allows to obtain user passwords from a mongo database. For root we find the tool jjs, which is owned by root an...

Traverxec is a 20-point machine on hackthebox that involves using a public exploit on the nostromo webserver, cracking the passphrase of an ssh private key and abusing a sudo entry for journalctl. ...