D23R Cybersecurity Blog

Broker Walkthrough - HTB Easy | Apache ActiveMQ RCE & Nginx Sudo Exploitation

Complete walkthrough of Broker from Hack The Box. An easy Linux machine hosting a vulnerable version of Apache ActiveMQ. Version enumeration reveals it's vulnerable to Unauthenticated Remote Code Execution, which is exploited to gain user access. Post-exploitation enumeration reveals a sudo misconfiguration allowing the activemq user to execute sudo /usr/sbin/nginx, a flaw similar to the recent Zimbra disclosure, exploited to obtain root access.

Sau Walkthrough - HTB Easy | Request Baskets SSRF & Maltrail RCE

Complete walkthrough of Sau from Hack The Box. An easy Linux machine featuring a Request Baskets instance vulnerable to Server-Side Request Forgery (SSRF) via CVE-2023-27163. Exploiting this vulnerability grants access to a Maltrail instance vulnerable to unauthenticated OS Command Injection, allowing us to obtain a reverse shell on the machine as user puma. A sudo misconfiguration is then exploited to obtain a root shell.

Return Walkthrough - HTB Easy | LDAP Credential Capture & Server Operators Abuse

Complete walkthrough of Return from Hack The Box. An easy Windows machine featuring a network printer administration panel that stores LDAP credentials. These credentials can be intercepted by inserting a malicious LDAP server, thus allowing us to obtain a foothold on the server via the WinRM service. The user is a member of a privileged group, which is further exploited to obtain system access.

Cap Walkthrough - HTB Easy | IDOR PCAP Access & Python Capabilities Exploitation

Complete walkthrough of Cap from Hack The Box. An easy Linux machine running an HTTP server with administrative functionalities, including network capture execution. Inadequate controls create an Insecure Direct Object Reference (IDOR) vulnerability that allows access to another user's capture. The capture contains plaintext credentials and can be exploited to obtain an initial foothold. A Linux capability is then used to escalate privileges to root.

Keeper Walkthrough - HTB Easy | Default Credentials & KeePass Memory Dump Exploitation

Complete walkthrough of Keeper from Hack The Box. An easy Linux machine featuring a support ticketing system with default credentials. By enumerating the service, it's possible to identify plaintext credentials that allow SSH access. Through SSH access, a KeePass database dump is obtained, which can be exploited to recover the master password. After accessing the KeePass database, root's SSH keys are acquired and used to obtain a privileged shell on the host.

Netmon Walkthrough - HTB Easy | FTP Anonymous Access & PRTG RCE Exploitation

Complete walkthrough of Netmon from Hack The Box. An easy Windows machine with simple enumeration and direct exploitation. A PRTG Network Monitor service is running on the HTTP port, while an FTP server with anonymous access allows reading of PRTG configuration files. The PRTG version (18.1.37.13946) is vulnerable to Remote Code Execution (RCE) identified as CVE-2018-9276, exploitable to obtain a shell with SYSTEM privileges.