Complete walkthrough of Grandpa from Hack The Box. Covers exploiting the widely exploited CVE-2017-7269 vulnerability in Microsoft IIS 6.0 WebDAV, process migration techniques for stable shell access, and privilege escalation using MS15-051 kernel exploit to gain SYSTEM access on Windows Server 2003.

Complete walkthrough of Underpass from Hack The Box. Covers UDP port enumeration to discover SNMP service, extracting information about Daloradius installation, accessing operator panel using default credentials, cracking MD5 password hash for SSH access, and exploiting mosh-server sudo permissions to gain root access through mobile shell connection.

Complete walkthrough of Cicada from Hack The Box. Covers Active Directory enumeration for beginners, enumerating shares, discovering cleartext passwords in files, password spraying attacks, and exploiting SeBackupPrivilege to achieve full system compromise.

Complete walkthrough of BoardLight from Hack The Box. Covers exploiting Dolibarr ERP/CRM instance vulnerable to CVE-2023-30253, credential extraction from configuration files, SSH access via password reuse, and exploiting enlightenment_sys SUID binary through CVE-2022-37706 to gain root access.

Complete walkthrough of Devvortex from Hack The Box. Covers exploiting Joomla CMS vulnerability for information disclosure, credential extraction from configuration files, template injection for reverse shell, MySQL database enumeration, bcrypt hash cracking, and exploiting apport-cli (CVE-2023-1326) to gain root access.

Complete walkthrough of CozyHosting from Hack The Box. Covers Spring Boot Actuator endpoint enumeration, session hijacking through exposed sessions, OS command injection via hostname parameter, hardcoded credential extraction from JAR files, PostgreSQL database enumeration, bcrypt hash cracking, and SSH sudo privilege escalation through GTFOBins.

Granny, while similar to Grandpa, can be exploited through different methods. The intended method to solve this machine is the well-known WebDAV upload vulnerability.

Antique is an easy-difficulty Linux machine hosting a network printer that exposes credentials via an SNMP string, allowing access to the telnet service. A foothold can be obtained by exploiting printer functionality. The CUPS administration service is running locally. This service can be further exploited to gain root access on the server.

Headless is an easy-difficulty Linux-based machine hosting a Python Werkzeug server that runs a website. Within the site there is a customer support form vulnerable to blind Cross-Site Scripting (XSS) via the User-Agent header. This flaw is exploited to steal the administrator cookie, allowing access to the admin dashboard. This page is vulnerable to command injection, enabling the establishment of a reverse shell on the machine. Analyzing user mail reveals a script that doesn't use absolute paths: the attacker exploits this weakness to obtain a shell as root.

Complete walkthrough of Blocky from Hack The Box. Covers a fairly simple machine based on real-world scenarios, demonstrating risks associated with poor password management practices and exposure of internal files on publicly accessible systems. Highlights a major attack vector: Minecraft servers, often managed by inexperienced administrators, making them easy targets.