15 docs tagged with "HackTheBox"

BountyHunter

Easy Linux box exploiting an XXE to read files and Python eval in a root ticket validator.

Broadlight

Easy Linux web machine with a vulnerable Dolibarr CMS (CVE‑2023‑30253) and SUID root escalation via Enlightenment WM.

Buff

Easy Windows box exploiting Gym Management Software RCE then a CloudMe buffer overflow for PrivEsc.

Headless

Easy Linux box leveraging blind XSS in a contact form and a command injection for shell and PrivEsc.

Jerry

Easy Windows box using default Tomcat Manager credentials to deploy a WAR reverse shell and gain SYSTEM.

Keeper

Easy Linux box abusing default creds on Request Tracker, then a KeePass dump (CVE‑2023‑32784) to retrieve the root SSH key.

Legacy

Easy Windows XP machine vulnerable to MS08‑067 EternalBlue SMB exploit for root.

Monitored

Medium Linux box abusing SNMP creds, then Nagios XI SQLi and API abuse to gain command execution and root PrivEsc.

Netmon

Easy Windows box with anonymous FTP to steal PRTG config, then RCE via PRTG Network Monitor.

Optimum

Easy Windows machine exploiting HttpFileServer 2.3 RCE for an initial shell and an unpatched kernel vulnerability for PrivEsc.

Perfection

Easy Linux box exploiting SSTI in a grade calculator, cracking hashes, and sudo-based PrivEsc.

Runner

Medium Linux machine exploiting CVE‑2023‑42793 in TeamCity for initial access, followed by CVE‑2024‑21626 via Portainer for container escape and PrivEsc.

Sauna

Easy Active Directory Windows box using AS-REP Roasting and Kerberoasting to escalate to SYSTEM.

Toolbox

Easy Windows box with SQL injection in a Docker Toolbox‑hosted app, leading to container escape and host PrivEsc.

Usage

Easy Linux box using blind SQLi to dump the DB, a Laravel file‑upload webshell, and local binary PrivEsc.