Complete walkthrough of Titanic from Hack The Box. An easy Linux machine featuring an Apache server on port 80. Virtual host fuzzing reveals a Gitea server. Exploiting an Arbitrary File Read vulnerability in the booking functionality allows downloading Gitea's SQLite database, extracting and cracking user credentials. SSH access leads to discovering a cron job executing ImageMagick, vulnerable to CVE-2024-41817 for privilege escalation to root.

Planning is an easy difficulty Linux machine that involves web enumeration, subdomain fuzzing, and exploiting a vulnerable Grafana instance via CVE-2024-9264. After gaining initial access to a Docker container, an exposed password allows lateral movement to the host system due to password reuse. Finally, a custom cron management application with root privileges can be exploited to achieve full system compromise.

Sense, while not requiring many steps to complete, can be challenging for some as the publicly available proof of concept exploit is highly unreliable. An alternative method exploiting the same vulnerability is necessary to successfully gain access. This walkthrough covers fuzzing for sensitive files, credential discovery, and exploiting pfSense 2.1.3 via CVE-2014-4688 with proper SSL certificate handling.

Complete walkthrough of Mirai from Hack The Box. Covers exploiting misconfigured IoT devices using default Raspberry Pi credentials, gaining root access through Pi-hole admin panel, and recovering deleted files from USB storage using forensic techniques.

Complete walkthrough of Chemistry from Hack The Box. Covers exploiting pymatgen library RCE vulnerability (CVE-2024-23346) through malicious CIF file upload, credential extraction from SQLite database, MD5 hash cracking, and exploiting AioHTTP path traversal (CVE-2024-23334) to read root flag from internal web service.

Complete walkthrough of PermX from Hack The Box. Covers exploiting Chamilo Learning Management System via unrestricted file upload vulnerability (CVE-2023-4220), credential extraction from configuration files, password reuse for SSH access, and exploiting sudo misconfiguration through symlink manipulation to gain root access.

Complete walkthrough of GreenHorn from Hack The Box. Covers exploiting Pluck CMS vulnerability for Remote Code Execution, credential extraction from Gitea repository, SHA-512 hash cracking, and depixelizing obfuscated passwords from PDF files to gain root access.

Complete walkthrough of Dog from Hack The Box. Covers discovering sensitive information through exposed Git repository, credential extraction, exploiting BackdropCMS admin privileges for Remote Code Execution via malicious archive upload, password reuse for SSH access, and exploiting sudo misconfiguration with the Bee CLI utility to gain root access.

Complete walkthrough of Shocker from Hack The Box. Covers discovering CGI-bin scripts through directory fuzzing, exploiting the infamous Shellshock vulnerability (CVE-2014-6271) for remote code execution on Apache servers with mod_cgi enabled, and leveraging unrestricted Perl sudo permissions to escalate privileges to root.

Complete walkthrough of Validation from Hack The Box. Covers exploiting a web application vulnerable to second-order SQL Injection to write a PHP web shell into the system for Remote Code Execution (RCE). After initial access, privilege escalation is achieved by exploiting database password reuse, leading to root-level access on the machine.