
HackTheBox: Jet [Fortress]
In this lab, you will explore various security challenges. First, you’ll Connect to the environment and get started. As you progress, begin Digging in to uncover hidden information. M...
GreenHorn is an easy machine by HackTheBox where we are dealing with a Pluck web application. Digging around, we find the source code of the web app; from there we gain access to the admin panel where w...
K2 had us solve three machines in sequence, using our findings from the previous machines to tackle the next one. We began with Base Camp, where we targeted a web application and discovered severa...
MonitorsThree is a Medium HackTheBox machine where we start by enumerating a web server, finding an SQLi that leads to a data leak, then gaining a reverse shell by exploiting a vulnerability in cac...
Initial Enumeration Nmap Scan └─$ nmap -sV 10.10.11.28 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-08-15 00:29 CST Nmap scan report for 10.10.11.28 Host is up (0.18s latency). Not shown: 99...
The London Bridge began with fuzzing a web application to discover an endpoint. By fuzzing this endpoint for parameters, we identified one vulnerable to SSRF. Using this vulnerability to enumerate ...
Cheese CTF was a straightforward room where we used SQL injection to bypass a login page and discovered an endpoint vulnerable to LFI. By utilizing a PHP filter chain to turn the LFI into RCE, we ga...
Caption on HackTheBox is a Windows machine challenge that tests cybersecurity skills by requiring users to exploit web server vulnerabilities, gain a reverse shell, escalate privileges, and capture...
Trickster starts off by discovering a subdomain which uses PrestaShop. Dumping a leaked .git folder gives the source code, and the admin panel is found. Chaining XSS and Theme Upload, www-data user is reach...
Breakme started by discovering a WordPress installation and logging in through brute-forcing the credentials. After logging in, we exploited a vulnerability in an installed plugin, which allowed us...