Complete walkthrough of Blue from Hack The Box. While probably the easiest machine on Hack The Box, it demonstrates the severity of the EternalBlue exploit, used in multiple large-scale ransomware and crypto-mining attacks after its public disclosure.

Complete walkthrough of Code from Hack The Box. An easy Linux machine featuring a Python Code Editor web application vulnerable to remote code execution (RCE) through a Python Jail bypass. After gaining access as user app-production, crackable credentials can be found in a sqlite3 database file. Using these credentials, access is obtained to another user, martin, who has sudo permissions for a backup script, backy.sh. This script contains a vulnerable code section that, when exploited, allows privilege escalation by creating a copy of the root folder.

Complete walkthrough of Analytics from Hack The Box. An easy Linux machine with exposed HTTP and SSH services. Web enumeration reveals a Metabase instance vulnerable to Pre-Authentication Remote Code Execution (CVE-2023-38646), exploited to gain a foothold inside a Docker container. Enumerating the container reveals environment variables containing credentials usable to access the host via SSH. Post-exploitation enumeration reveals the host's kernel version is vulnerable to GameOverlay, exploited to obtain root privileges.