HackTheBox - Machines

Comprehensive writeups for HackTheBox machines across Easy, Medium, Hard, and Insane difficulties

Total 150 reports , currently page 1 of 15 (10 per page)

💡 Ctrl + K to quickly focus search box

Data

By exploiting Grafana's CVE-2021-43798 path traversal, the database can be read, hashes that can be cracked by Hashcat can be extracted and converted, and then boris's SSH login can be obtained; this ...

2025-10-07 06:52 19.0 KB 1 images HTB Easy

Retro

"Retro" is an Easy Windows machine that exposes an Active Directory Domain Controller. Access to the system was gained through SMB enumeration and exploitation of a pre-created machine account. This w...

2025-10-07 06:52 27.2 KB HTB Easy

🔒 DarkZero

The overall challenge on this machine wasn't too great, but the main frustration was escalating privileges on the DC02 machine. I'm not sure if this is due to MSF issues or the machine itself. When us...

2025-10-05 13:58 37.0 KB HTB Hard LOCKED

Down

There is a simple code review and a trick use of curl,kind of interesting.

2025-10-04 07:45 11.0 KB 8 images HTB Easy

BabyTwo

Overall, it's a very basic AD machine. The only unexpected thing is checking whether the user's password is the same as the username, which is definitely not something I would consider when attacking ...

2025-10-04 07:45 29.1 KB 4 images HTB Medium

🔒 Imagery

In general, for the foothold exploitation part, the initial upload vulnerability turned out to be a rabbit hole, and the XSS vulnerability used was also expected.

2025-10-04 07:45 18.8 KB 11 images HTB Medium LOCKED

Race

Overall, the use of the foothold is very interesting, especially the use of the forgotten password link is really unexpected. Without a certain reading of the code, it is difficult to guess that the e...

2025-10-04 07:45 25.1 KB 16 images HTB Hard

Shibuya

This AD domain machine is incredibly useful, especially for lateral movement. Using RemotePotato0 to perform Cross Session Relay is a classic example. This type of abuse is always effective, especiall...

2025-10-04 07:45 45.3 KB 4 images HTB Hard

Delegate

It is a very standard AD domain machine. The overall difficulty is not high, and it is not difficult to confirm the vulnerability, especially for the privilege escalation part. The technique of abusin...

2025-09-28 06:17 30.3 KB 1 images HTB Medium

Media

The only thing I find odd and annoying about this machine is that the reverse shell code I use won't work anyway, forcing me to resort to using the msfvenom exe payload.

2025-09-28 06:17 28.0 KB 6 images HTB Medium

1 2 3

Jump to