Command Injection & Path Hijacking – Previse @ HackTheBox

Traverxec is a 20-point machine on hackthebox that involves using a public exploit on the nostromo webserver, cracking the passphrase... read more

Onetwoseven is a great machine on hackthebox, featuring symbolic links, port forwarding through sftp and some typical web application exploitation.... read more

Fortune is a 50 point machine on hackthebox.eu featuring OpenBSD. I was lucky enough to get first blood on this... read more

Arkham was a surprisingly hard box for the 30 points that were awarded for it, as I was struggling quite... read more

Solving Passage on HackTheBox. This is an easy box involving 2 public exploits, one for the CuteNews CMS and one... read more

Baby is an easy machine on Vulnlab that involves enumerating LDAP & spraying credentials. For SYSTEM we exploit SeBackup &... read more

Redcross is a machine on hackthebox.eu, featuring sql injection, cookie reuse and a nice binary exploitation challenge, which I enjoyed... read more

AuthBy is a medium difficulty Windows machine on PG Practice. It involves getting FTP access to the web root of... read more

Heist is an "easy" machine on hackthebox, involving some enumeration (especially rpc) and some forensics (dumping firefox memory). read more

We are solving Forge, a medium difficulty Linux machine on HackTheBox which involves an SSRF & playing with the python... read more