Hack the Box


Topic:

Writeup

Sun, Aug 01, 2021

My writeup for the HacktheBox Writeup machine. This was a really fun box that used a CMS vulnerability to grab a user password, and a MOTD exploit for root.

Devel

Sun, Aug 01, 2021

My writeup for the HacktheBox Devel machine. A simple box involving an unrestricted webshell upload and Juicy Potato for System.

Shocker

Sun, Aug 01, 2021

My writeup for the HacktheBox Shocker machine. An easy box that involved exploiting Shellshock followed by a Perl GTFOBin.

Armageddon

Sat, Jul 24, 2021

My writeup for the HacktheBox Armageddon machine. An easy box that used a Drupal exploit followed by Dirty Sock, an exploit of snap running as root.

Atom

Sun, Jul 18, 2021

My writeup for the HacktheBox Atom machine. A medium-rated box that involved exploiting an auto-updater in an Electron app and finding some exposed Redis credentials.

Optimum

Sun, Jun 20, 2021

My writeup for the HacktheBox Optimum Machine. An easy machine that involved exploiting HFS and MS16-030.

Scriptkiddie

Sat, Jun 12, 2021

My writeup for the HacktheBox Scriptkiddie machine. A fairly easy but extremely fun and flavourful Linux machine involving breaking a kid hacker's site.

Cereal

Thu, Jun 10, 2021

My writeup for the HacktheBox Cereal Machine (User only). A really difficult Web machine involving a chain of XSS and Deserialisation vulnerabilities in a .NET application.

Bashed

Thu, May 06, 2021

My writeup for the HacktheBox Bashed Machine, a box that involved finding a built-in PHP shell on a website for foothold, and exploiting an automated root process for root.

Jerry

Tue, May 04, 2021

My writeup for the HacktheBox Jerry Machine, an easy box that involves uploading a malicious WAR file to a badly secured Tomcat server.

Lame

Tue, May 04, 2021

My writeup for the HacktheBox Lame Machine, an easy box that involves exploiting a command injection in SMB login.

Legacy

Sun, May 02, 2021

My writeup for the HacktheBox Legacy Machine, another simple box that requires exploiting Eternal Blue on Windows XP.

Blue

Sat, May 01, 2021

My writeup for the HacktheBox Blue Machine, a simple box that requires exploiting Eternal Blue to get SYSTEM access.

Bucket

Thu, Apr 29, 2021

My writeup for the HacktheBox Bucket Machine. An extremely fun medium-rated machine that involved AWS Localstack and exploiting a locally hosted website.

About


This blog will contain writeups of retired Hack the Box machines.