Cobblestone
Regarding the foothold, our team discovered an XSS vulnerability and an unused user named "John." Perhaps SQL injection isn't the intended exploit? After all, this is an insane machine, so simply usin...
HackTheBox - Machines
Comprehensive writeups for HackTheBox machines across Easy, Medium, Hard, and Insane difficulties
Total 132 reports , currently page 1 of 14 (10 per page)
💡 Ctrl + K to quickly focus search box
Editor
Very easy linux machine in this period.
Administrator
1, Port scan ``` PORT STATE SERVICE VERSION 21/tcp open ftp Microsoft ftpd | ftp-syst: |_ SYST: Windows_NT 53/tcp open dom...
Backfire
1,Recon port scan ``` PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.2p1 Debian 2+deb12u4 (protocol 2.0) | ssh-hostkey: | ...
Blurry
The CVE exploitation of the footprint is relatively complex, and mainly requires reading the POC document. For root, its cleanup script runs too frequently, and it needs to be completed as soon as pos...
Cat
1,Recon port scan ``` PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.11 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: ...
Certified
Very typical AD machine, not too much, every step is very obvious.
Compiled
It mainly exploited the CVE-2024-32002 vulnerability of git to gain a foothold, then enumerated the gitea database to obtain the credentials of other users. Finally, it used CVE-2024-20656 to escalate...
Cypher
1,Recon port scan ``` PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.6p1 Ubuntu 3ubuntu13.8 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: ...
Environment
This machine, as its name suggests, is related to the environment.
Jump to