MonitorsFour
Overall, it's a very interesting Docker escape machine, and the web portion is exploited through one of the latest CVEs.
Comprehensive writeups for HackTheBox machines across Easy, Medium, Hard, and Insane difficulties
```
┌──(wither㉿localhost)-[~/Templates/htb-labs/Hard/Fries]
└─$ nmap -sC -sV -Pn 10.129.235.12 -oN ./nmap.txt
Starting Nmap 7.95 ( https://nmap.org )...
```
Overall, it's a very clunky Active Directory machine, especially in its use of web applications. Using the admin account's password as the universal password is incredibly uninspired.
Bruno is a moderately difficult Windows domain machine. The attack chain begins with an insecure ZIP decompression of the service, resulting in a zip-slip that writes a malicious DLL to C:\samples\app...
Overall, it's a very simple machine; both the starting point and the privilege escalation seem to be the expected steps.
Breach (medium, Windows): guest SMB write access is used to capture NTLMv2 hashes and obtain a low-privileged domain account. A kerberoastable svc_mssql service account is discovered and cracked; with...
Overall, it's a very classic WordPress to Kubernetes migration machine, though it has some hard-coded elements and a CTF-like design.
By exploiting the website's PCAP upload/packaging function, malicious wildcards were injected into the zip command to achieve RCE and obtain a shell; the password from the database was used to move to...
On Redelegate, the attacker first downloaded the KeePass database via anonymous FTP and used the credentials to log into the local MSSQL database. They then performed enumeration and password spraying...
The attack chain exploits directory traversal through Express file storage to leak files encrypted with weak XOR (9 bytes), decrypts them to obtain SFTP credentials, accesses the host via SFTP, obtains an i...