Blogs by Category: [ hack-the-box ]

Crack zip file and then crack the password found in the source code. Exploit SQL Injection & escalate privileges using misconfigured permission on vi.

Uncover hidden login pages, manipulate cookies, upload a PHP reverse shell, and exploit a misconfigured SUID binary to go from guest to root.

Windows machine with Gym Management System 1.0. It has an unauthenticated RCE. Debug service on local port and exploit it after port forwarding.

Linux machine with Bludit CMS. Bypass the brute force protection, exploit file upload, and leverage sudo vulnerability - CVE-2019-14287 - for root.

Devel, demonstrates the security risks associated with some default program configurations and can be completed using publicly available exploits.

Blue, while possibly the most simple machine on Hack The Box, demonstrates the severity of the EternalBlue exploit.