Related Posts
Crossfit @ HackTheBox
Solving Crossfit, a 50-point Linux machine on HackTheBox which involves a lot of cross-site scripting, a command-injection, and finally some... read more

SQLi, LFI to RCE and Unintended Privesc via XAMLX & Impersonation – StreamIO @ HackTheBox
Video & additional notes for StreamIO, a medium difficulty Windows machine on HackTheBox that involves manual MSSQL Injection, going from... read more
SwagShop @ HackTheBox
SwagShop is a very easy machine on hackthebox, involving a public exploit and sudo abuse. read more
Book @ HackTheBox
Book is a 30-point Linux machine on HackTheBox. We log into a web application by exploiting SQL truncation and then... read more
Passage @ HackTheBox
Solving Passage on HackTheBox. This is an easy box involving 2 public exploits, one for the CuteNews CMS and one... read more
JWT & Docker CVE – TheNotebook @ HackTheBox
We are solving TheNotebook, a 30-point Machine on HackTheBox where we'll modify a JWT Token, upload a PHP-Webshell and use... read more
Hacking Time @ HackTheBox
Time is a 30-point machine on HackTheBox that involves using a public exploit for a CVE and overwriting a shell... read more
Irked @ HackTheBox
This short write-up is about Irked, a rather easy machine on hackthebox featuring an irc backdoor, some steganography and a... read more
Drupalgeddon & Sudo Snap Install – Armageddon @ HackTheBox
We are solving Armageddon, a really easy 20-point machine on HackTheBox that involves the drupalgeddon exploit, reading & cracking a... read more
.NET Remoting & WCF – Sharp @ HackTheBox
We will solve Sharp, a 40-point machine on HackTheBox that is all about C-Sharp & .Net. For user, we exploit... read more