
Signed

In general, there are many paths to root on this machine, but for the user part, it is very unstable when verifying mssql. If you always receive the prompt: "Connection refused because the domain name...

2025-10-15 04:40 18.0 KB 7 images HTB Medium

Lock

Lock is an easy Windows box: enumerate a Gitea repo to get a Personal Access Token, deploy an ASPX web shell for initial access, decrypt a password from an mRemoteNG config to access another user, the...

2025-10-13 12:50 22.9 KB 17 images HTB Easy

Manage

Manage is an easy Linux box: exploit an exposed Java RMI/JMX service for RCE as tomcat, find leaked SSH keys and OTPs from a misconfigured backup to move to useradmin, then abuse a sudo misconfigurati...

2025-10-13 12:50 33.3 KB 2 images HTB Easy

Reset

Reset (Easy) gained remote code execution by poisoning logs and abusing the website's password reset function; it then leveraged Rservices and sudo permissions on nano in a separate tmux session to el...

2025-10-10 05:59 11.6 KB 13 images HTB Easy

RetroTwo

RetroTwo (Easy, Windows): Downloads a password-protected .accdb from an open SMB, decrypts it, and extracts AD credentials in VBA; leverages a pre-configured computer account with GenericWrite permiss...

2025-10-10 05:59 30.0 KB 9 images HTB Easy

VulnEscape

VulnEscape is an Easy Windows machine: Log in via default RDP as KioskUser0 without a password. Edge's file:// bypass allows browsing the file system and opening PowerShell in a restricted environment...

2025-10-10 05:59 13.7 KB 22 images HTB Easy

VulnCicada

VulnCicada is a mid-level Windows AD machine: after discovering an image with a hidden password in a public share, it used that password to identify a vulnerability that could be exploited by ESC8, wh...

2025-10-10 05:59 25.1 KB 2 images HTB Medium

Data

By exploiting Grafana's CVE-2021-43798 path traversal, the database can be read, hashes that can be cracked by Hashcat can be extracted and converted, and then boris's SSH login can be obtained; this ...

2025-10-07 06:52 19.0 KB 1 image HTB Easy

Retro

"Retro" is an Easy Windows machine that exposes an Active Directory Domain Controller. Access to the system was gained through SMB enumeration and exploitation of a pre-created machine account. This w...

2025-10-07 06:52 27.2 KB HTB Easy

DarkZero

The overall challenge on this machine wasn't too great, but the main frustration was escalating privileges on the DC02 machine. I'm not sure if this is due to MSF issues or the machine itself. When us...

2025-10-05 13:58 37.0 KB HTB Hard