12 Posts

Hackthebox

Aragog

Exploiting XML External Entity (XXE) injection to get a shell, and abusing a developer's bad habits to escalate to root.

Valentine

A cybersecurity challenge, demonstrating the exploitation of the Heartbleed vulnerability in OpenSSL and the Dirty COW vulnerability in Linux to exfiltrate sensitive information and gain root user privileges.

Nibbles

A step-by-step guide on exploiting a data validation vulnerability in an image upload plugin, demonstrating how to bypass content filters to execute malicious code and gain unauthorized access to a remote system.

Chatterbox

A comprehensive guide on identifying and exploiting buffer overflow vulnerabilities in third-party applications, using tools like nmap for system enumeration and vulnerability scanning.

Jeeves

A challenge that highlights the exploitation of broken access controls on a Jenkins installation and poor password practices on a KeePass database to gain unauthorized access and fully compromise the system.

Bashed

Exploiting a web server that's being used as a development environment by abusing artifacts left behind by the developer.

Sense

A cybersecurity challenge, demonstrating the exploitation of vulnerabilities in firewall appliances, specifically misconfigurations in a web server, to gain unauthorized access to a network.

Shocker

A cybersecurity challenge focusing on exploiting the ShellShock vulnerability (also known as bashdoor) in the Unix bash shell, using basic command line tools like curl for sending and receiving web requests.

Solidstate

A practical demonstration of the risks associated with emailing user credentials in plain text, showcasing how exploiting a mail server and leveraging misconfigured file permissions can lead to system compromise.

Mirai

An exploration of an IoT-themed HackTheBox challenge, demonstrating the risks associated with default credentials in Linux-based IoT devices, which can be exploited by malware like Mirai to create remotely controlled botnets.

Blue

A detailed guide on exploiting the EternalBlue vulnerability (MS17-010) via Metasploit, demonstrated on a machine from HackTheBox.eu.

Blocky

Blocky is a Minecraft-themed exercise demonstrating the risks of hardcoding credentials in software development.