Academy @ HackTheBox
Solving Academy on HackTheBox, a 20-point Linux machine on HackTheBox that involves a Laravel deserialization RCE, stored credentials & sudo composer.
27Feb
Related Posts
19Jan
Lab – Baby Walkthrough
Baby is an easy machine on Vulnlab that involves enumerating LDAP & spraying credentials. For SYSTEM we exploit SeBackup &... read more
21Nov
Buff @ HackTheBox
Buff is a 20-point Windows Machine on HackTheBox, created by egotisticalSW. It involves 2 simple public exploits and forwarding a... read more
15Feb
Json @ HackTheBox
Json is a 30-point system on HackTheBox that involves exploiting a .NET deserialization vulnerability and has multiple ways for privilege... read more
16Oct
Dynamic DNS & Command Injection – Dynstr @ HackTheBox
We are solving Dynstr, a 30-point Linux machine on HackTheBox that involves a Dynamic DNS Service & a Command Injection. read more
11Jul
Book @ HackTheBox
Book is a 30-point Linux machine on HackTheBox. We log into a web application by exploiting SQL truncation and then... read more
04Jul
ForwardSlash @ HackTheBox
ForwardSlash is a 40-point Linux Machine on HackTheBox. We use a path traversal vulnerability to get ssh credentials and abuse... read more
18Apr
Mango @ HackTheBox
Mango is a 30-point linux machine on hackthebox that involves a NoSQL-Injection which allows to obtain user passwords from a... read more
16Feb
Giddy @ HackTheBox
In this post I will give a quick walkthrough on Giddy from hackthebox.eu. The machine involves (automated) sql injection, stealing... read more
22May
Getting Access through the Helpdesk – Delivery @ HackTheBox
We are going to solve Delivery, a 20-point machine on HackTheBox. For user, we will bypass email verification on a... read more
03Apr
Hacking Time @ HackTheBox
Time is a 30-point machine on HackTheBox that involves using a public exploit for a CVE and overwriting a shell... read more