Crossfit @ HackTheBox

Related Posts

18Sep

HTTP Request Smuggling & AWS – Sink @ HackTheBox

We are solving Sink, a 50-point Linux machine on HackTheBox that involves HTTP Request Smuggling & retrieving secrets from Localstack. read more

22Jan

SSRF & Python Debugger – Forge @ HackTheBox

We are solving Forge, a medium difficulty Linux machine on HackTheBox which involves an SSRF & playing with the python... read more

02May

OpenAdmin @ HackTheBox

OpenAdmin is a 20-Point Linux machine on HackTheBox that involves using a public exploit for OpenNetAdmin & abusing a sudo... read more

28Mar

Arkham @ HackTheBox

Arkham was a surprisingly hard box for the 30 points that were awarded for it, as I was struggling quite... read more

17Sep

SQLi, LFI to RCE and Unintended Privesc via XAMLX & Impersonation – StreamIO @ HackTheBox

Video & additional notes for StreamIO, a medium difficulty Windows machine on HackTheBox that involves manual MSSQL Injection, going from... read more

03Nov

Ekoparty 2022 BFS Windows Challenge

In this blog post, we will solve the Windows userland challenge that Blue Frost Security published for Ekoparty 2022. read more

01May

.NET Remoting & WCF – Sharp @ HackTheBox

We will solve Sharp, a 40-point machine on HackTheBox that is all about C-Sharp & .Net. For user, we exploit... read more

06Nov

Active Directory, Reverse Engineering & Unintended Solutions – Pivotapi @ HackTheBox

We are solving Pivotapi, a 50-point Windows machine on HackTheBox. This one involves some Reverse Engineering, MSSQL, and Active Directory... read more

27Aug

Resource-Based Constrained Delegation – Resourced @ PG-Practice

Video & additional notes for Resourced, an intermediate difficulty Windows machine on PG-Practice that involves password spraying and an RBCD... read more

30Jul

Sauna @ HackTheBox

Sauna is a 20-point Windows Machine on HackTheBox. For user, we bruteforce usernames and then use ASREP-Roasting to obtain the... read more