Resolute is a 30-point Windows machine on HackTheBox that involves enumerating LDAP, Password Spraying, and using the DNSAdmins group to register a custom plugin DLL which allows us to execute code...

Rope is a 50-point machine on HackTheBox that involves 3 binary exploits. There is a format string vulnerability in the boxes’s webserver and a replaceable shared library used by a binary we can ru...

Patents is a 40-point Linux machine on HackTheBox. For user we exploit an external entity injection in a word document and a local file inclusion that involves path traversal and calculating the na...

Obscurity is a 30-point Linux machine on HackTheBox that involves exploiting a command injection in a custom webserver, breaking a simple cipher and abusing file system permissions to get root. ...

OpenAdmin is a 20-Point Linux machine on HackTheBox that involves using a public exploit for OpenNetAdmin & abusing a sudo entry for nano.

Mango is a 30-point linux machine on hackthebox that involves a NoSQL-Injection which allows to obtain user passwords from a mongo database. For root we find the tool jjs, which is owned by root an...

Traverxec is a 20-point machine on hackthebox that involves using a public exploit on the nostromo webserver, cracking the passphrase of an ssh private key and abusing a sudo entry for journalctl. ...

Registry is a 40-point machine on HackTheBox that involves interacting with a docker registry to download a docker image and finding a password and ssh private key inside. For root we exploit a fla...

Control is a 40-point windows machine on hackthebox that involves a sql injection which we use to upload a webshell. Then we modify the path of a service executable in the registry to become system...

Sniper is a 30-point machine on HackTheBox that involves abusing a remote file inclusion and uploading a crafted chm file which is opened automatically by the local administrator. Notes Remote ...