HackTheBox: Connected
This writeup is locked
It stays hidden until the box retires.
Related writeups
HackTheBox: Trick
An Easy Linux box: a DNS zone transfer leaks a preprod payroll vhost, a boolean SQL injection with the MySQL FILE privilege reads the nginx config to expose a second vhost, then a str_replace LFI bypass combined with SMTP mail-spool poisoning lands RCE as michael - and a writable fail2ban action plus a passwordless sudo restart escalates to root.
HackTheBox: Altered
A Hard Linux Laravel box: username enumeration and an X-Forwarded-For rate-limit bypass let wfuzz brute-force the 4-digit reset PIN, a type-juggling SQL injection in the profile API dumps the database and writes a PHP webshell via INTO OUTFILE for a www-data shell, then a vulnerable 5.16 kernel falls to Dirty Pipe (CVE-2022-0847) for root.
HackTheBox: Craft
A Linux box: a public Gogs repo leaks Dinesh's credentials and an eval() injection in the craft-api beer endpoint gives RCE inside a Docker container, the database yields Gilfoyle's login, a private repo holds his SSH key, and a HashiCorp Vault SSH OTP backend issues a root login.