
WriteUPs

Rebound - HTB
Rebound is an insane difficulty machine on HackTheBox. Initially, we'll exploit RID brute force to obtain a list of valid users on the Domain Controller. One of these users is vulnerable to...
Read more
Analytics - HTB
Analytics is an easy machine on HackTheBox. Firstly, we'll exploit a vulnerable version of Metabase to achieve command execution on the victim machine...
Read more
Manager - HTB
Manager is a medium-difficulty machine on HackTheBox. Initially, we'll abuse the guest session to perform a RID Bruteforce attack to identify...
Read more
Visual - HTB
Visual is a medium-difficulty machine on HackTheBox. Initially, we will exploit a website that builds our custom Visual Studio projects by abusing...
Read more
Drive - HTB
Drive is a hard-difficulty machine on HackTheBox. Initially, we exploit an IDOR (Insecure Direct Object Reference) vulnerability to access private messages, revealing...
Read more
Clicker - HTB
Clicker is a medium-difficulty machine on HackTheBox. Firstly, we will exploit an NFS share to obtain the source code of a website. After reading the source code...
Read more
Zipping - HTB
Zipping is a medium-difficulty machine on HackTheBox. Initially, we will exploit a Local File Inclusion (LFI) vulnerability to gain access to...
Read more
Sau - HTB
Sau is an easy difficulty machine on the HackTheBox platform. Firstly, we will exploit an SSRF vulnerability in `request-baskets` to gain access to...
Read more
Authority - HTB
Authority is a medium-difficulty machine on HackTheBox. Initially, we will decrypt Ansible vaults using the ansible2john tool to extract...
Read more
Pilgrimage - HTB
Pilgrimage is an easy difficulty machine on HackTheBox, exposing an HTTP service on port 80. Our initial step involves dumping a `.git` directory to retrieve...
Read more
Sandworm - HTB
Sandworm is a medium difficulty machine on HackTheBox. Firstly, we will exploit an SSTI vulnerability by abusing reflection...
Read more
Download - HTB
Download is a hard difficulty machine on HackTheBox. The machine features a web service that allows file uploads. While attempting to download the files, we discover a...
Read more
Topology - HTB
Topology is an easy-level machine on HackTheBox. Initially, we need to exploit a LaTeX Injection to gain access to...
Read more
Gofer - HTB
Gofer is a hard-level machine on the HackTheBox platform. Initially, we encounter a network-level shared resource via SMB that leaks a file containing pertinent information for...
Read more
Jupiter - HTB
Jupiter is a medium-difficulty machine on the HackTheBox platform. To start, we encounter a web service running...
Read more
Intentions - HTB
Intentions is a hard-level machine from the HackTheBox platform. Initially, we discovered a SQL injection vulnerability that allowed us to obtain...
Read more
PC - HTB
PC is an easy-level machine from HackTheBox. Firstly, we discover the gRPC service running on port "50051". Using the "grpcgui" tool, we set up a service to access it through...
Read more
Format - HTB
Format is a medium-difficulty machine in which we need to exploit a web service to read system files. We achieve this by inspecting the page's source code hosted on port 3000 in a...
Read more
Snoopy - HTB
Snoopy is a hard level machine featured on the HackTheBox platform. Initially, our objective entails exploiting a Local File Inclusion vulnerability to extract...
Read more
Blackfield - HTB
Blackfield is a hard level machine on the HackTheBox platform. It is an Active Directory-based environment, where our initial reconnaissance involved analyzing a network-level shared resource exposed through...
Read more
Inject - HTB
This is an easy-level machine in which we exploit a file upload vulnerability to make the page show us how we can access them. The page utilizes a parameter in the GET method to access system files, allowing us to exploit...
Read more
Escape - HTB
Escape is a medium difficulty machine on the HackTheBox platform. It is a machine that hosts an Active Directory service. Initially, we acquire credentials through a PDF exposed via...
Read more
Busqueda - HTB
Busqueda is a platform that provides a website offering links to various web pages based on user input. Behind the scenes, it utilizes the Python...
Read more
OnlyForYou - HTB
OnlyForYou is a medium-level machine in which we exploit Python and Neo4j (Cypher Injection)...
Read more