HackTheBox - Sense Writeup

Sense is an easy Hack The Box Linux machine featuring a vulnerable pfSense firewall. Although a public PoC exploit exists, it is unreliable. A more stable approach using the same pfSense vulnerability is required to gain remote access. Once exploited, it provides a straightforward path to root.

HackTheBox - Shocker Writeup

Shocker is a simple Hack The Box machine that highlights the critical impact of the Shellshock vulnerability, which once affected millions of public-facing servers worldwide.

HackTheBox - Mirai Writeup

Mirai is an easy Linux machine highlighting the risks of poorly configured IoT devices. It showcases how botnets exploit these vulnerabilities for rapid attacks and long-term persistence, reflecting a growing real-world threat.

HackTheBox - Blocky Writeup

Blocky is a straightforward Hack The Box (HTB) machine inspired by a real-world scenario. It highlights the dangers of poor password management and exposed internal files on public systems. Additionally, it showcases a major attack surface through Minecraft servers—widely deployed and often misconfigured by inexperienced admins—making them prime targets.

HackTheBox - Bank Writeup

Bank is an easy Hack The Box Linux machine featuring a custom PHP banking app. An exposed /balance-transfer endpoint leaks valid credentials via an improperly encrypted .acc file. Authenticated access reveals a file upload bypass using a .htb extension, leading to RCE as www-data. Privilege escalation is achieved by exploiting a custom SUID binary (/var/htb/bin/emergency) to gain root access.

HackTheBox - Arctic Writeup

Arctic is an easy Hack The Box Windows machine featuring a vulnerable Adobe ColdFusion server. Initial access is gained via an unauthenticated file upload exploit. After obtaining a reverse shell, privilege escalation is achieved using the MS10-059 vulnerability, resulting in full system compromise.

HackTheBox - Nibbles Writeup

Nibbles is an easy Hack The Box Linux machine featuring a custom blogging platform. A login blacklist adds a slight challenge, but username enumeration and basic password guessing lead to access. Once logged in, a vulnerable file upload function enables Remote Code Execution, resulting in a shell. Privilege escalation is achieved via a poorly secured root script.

HackTheBox - Validation Writeup

HackTheBox - Timelapse Writeup

Timelapse is an easy Hack The Box Windows machine that begins with accessing an open SMB share containing a password-protected ZIP file. The ZIP and a contained .pfx file are cracked using John the Ripper, allowing extraction of a certificate and private key. These are used to authenticate via WinRM. Further enumeration reveals stored PowerShell history with credentials for the svc_deploy user, who is a member of the LAPS_Readers group. This group can retrieve local admin passwords managed by LAPS, which is leveraged to obtain the domain Administrator's credentials and gain full access to the machine.

HackTheBox - Grandpa Writeup

Grandpa is an easy Windows machine vulnerable to CVE-2017-7269, a critical IIS exploit that allows remote code execution and was widely abused to compromise thousands of servers globally.