Fuse is based on printers in a corporate environment, making it quite a realistic machine. We’ll complete it using both the intended and unintended methods. We start off with web enumeration of a printer ...
Nov 3, 2020
Dyplesher was one of the toughest machines I’ve ever encountered, with lots of new things to learn. Initial enumeration leads us to a virtual host with a .git directory exposing credentials for me...
Oct 30, 2020
Blunder was a cool box with two interdependent web application vulnerabilities. Starting off with web enumeration, we discover a blog hosted on Bludit CMS; going through GitHub releases indicate...
Oct 23, 2020
Cache was a fun box. Initial web enumeration leads us to hardcoded credentials stored inside a simple login page which uses client-side validation, then we discover a new VHost running a vulnerable i...
Oct 16, 2020
Blackfield was an exceptional Windows box centered on an Active Directory environment. Initial SMB enumeration reveals potential usernames of domain accounts. We validate them using kerbrute - a ...
Oct 8, 2020
Admirer is an easy box with a bunch of rabbit holes where the usual enumeration workflow doesn’t work, forcing us to think outside the box and gather initial data. We’ll start with web recon where we will fin...
Sep 30, 2020
Travel from HackTheBox is an amazing machine as it involves source code review and SSRF, which I personally enjoy a lot. We’ll start with basic enumeration where we land up with multiple VHosts, ...
Sep 25, 2020
Lame is the first machine published on HackTheBox, which is vulnerable to Samba 3.0.20 (CVE-2007-2447) and distcc (CVE-2004-2687) exploits. First we will own root using the Samba exploit manually and ...
Sep 15, 2020
Remote from HackTheBox is a Windows machine running a vulnerable version of Umbraco CMS which can be exploited after we find the credentials from an exposed NFS share. After we get a reverse sh...
Sep 8, 2020
Legacy from HackTheBox is a retired machine which is vulnerable to the infamous MS08-067 & MS17-010 SMB vulnerabilities, which can be easily exploited with publicly available scripts and Metaspl...
Sep 2, 2020