HTB Writeups

Professional penetration testing reports and security research from HackTheBox machines. Detailed analysis of vulnerabilities, exploitation techniques, and mitigation strategies.


Machine Writeups

Detailed walkthroughs of HackTheBox machine solutions

Blocky

Easy

A Linux machine focusing on web application security, source code analysis, and privilege escalation through Java application vulnerabilities and misconfigured permissions.

Tags: Web Security, Java, SSH, Privilege Escalation

Popcorn

Medium

Features file upload vulnerabilities leading to remote code execution, and PAM-based privilege escalation exploiting a MOTD configuration vulnerability.

Tags: File Upload, RCE, PAM, CVE-2010-0832

Magic

Medium

A Linux machine featuring SQL injection authentication bypass, file upload vulnerabilities leading to remote code execution, and privilege escalation through PATH hijacking of SUID binaries.

Tags: SQL Injection, File Upload, RCE, PATH Hijacking, SUID Exploit

Help

Easy

A Linux machine featuring HelpDeskZ exploitation through arbitrary file upload, leading to an initial foothold, and privilege escalation via a kernel exploit targeting Linux 4.4.0-116.

Tags: HelpDeskZ, File Upload, RCE, Kernel Exploit, Privilege Escalation

Mango

Medium

A Linux machine featuring a NoSQL injection vulnerability in the authentication mechanism, credential brute-forcing through regex-based payloads, and privilege escalation via the JavaScript engine (jjs) SUID binary.

Tags: NoSQL Injection, Regex Brute-Force, Credential Extraction, jjs Exploitation, SUID Privilege Escalation, SSH Key Injection

Celestial

Medium

A Linux machine demonstrating Node.js deserialization vulnerabilities, remote code execution through cookie manipulation, and privilege escalation via misconfigured cron jobs with root-level permissions.

Tags: Node.js Deserialization, RCE, Cron Jobs, Privilege Escalation

Monitors

Hard

An advanced Linux machine requiring multi-layered exploitation across WordPress LFI, Cacti RCE, and OFBiz deserialization, followed by a Docker container escape through custom kernel module development for the final privilege escalation.

Tags: WordPress LFI, Cacti RCE, OFBiz Deserialization, Docker Escape, Kernel Module, Container Breakout, Advanced Exploitation

Vault

Medium

A Linux machine featuring file upload bypass vulnerabilities, internal network pivoting through SSH tunneling, OpenVPN configuration injection attacks, and multi-stage lateral movement across segmented networks culminating in GPG-protected flag extraction.

Tags: File Upload Bypass, SSH Tunneling, OpenVPN Injection, Network Pivoting, Lateral Movement, GPG Decryption, Internal Recon

Active

Medium

An Active Directory machine featuring SMB share enumeration, Group Policy Preferences credential extraction, and Kerberoasting, leading to domain administrator compromise.

Tags: Active Directory, SMB, GPP, Kerberoasting, Hashcat, Impacket

Sauna

Medium

An Active Directory machine featuring Kerberos AS-REP roasting, lateral movement through discovered AutoLogon credentials, and privilege escalation via a DCSync attack leading to full domain compromise.

Tags: Active Directory, Kerberos, AS-REP Roasting, DCSync, BloodHound, WinRM, Impacket

Forest

Medium

An Active Directory machine featuring an AS-REP roasting attack on service accounts, BloodHound analysis of privilege escalation paths, ACL abuse through WriteDACL permissions, and full domain compromise via a DCSync attack to extract the Administrator credentials.

Tags: Active Directory, AS-REP Roasting, BloodHound, ACL Abuse, DCSync, WinRM, Impacket, PowerView, RPC Enumeration

SAU

Easy

A Linux machine featuring Maltrail exploitation through unauthenticated remote code execution, HTTP request smuggling via the proxy configuration, and privilege escalation through systemctl binary abuse leading to complete system compromise.

Tags: Maltrail RCE, Proxy Abuse, Request Smuggling, Systemctl Escalation, Sudo Privilege Abuse, GTFOBins, Service Enumeration

Busqueda

Medium

A Linux machine featuring a Searchor 2.4.0 command injection vulnerability leading to initial access, Git credential exposure, Docker container enumeration, and privilege escalation through a sudo misconfiguration in custom Python scripts.

Tags: Command Injection, Git Exposure, Docker, Sudo Abuse, Python Scripting

Bashed

Easy

Features an exposed PHP web shell in the web application, and cron job privilege escalation exploiting writable scripts executed as root.

Tags: Web Shell, PHP, Cron Jobs, Privilege Escalation

Editorial

Medium

A Linux machine featuring an SSRF vulnerability in the file upload functionality leading to internal API discovery, credential exposure through information disclosure, lateral movement via Git history analysis, and privilege escalation through a GitPython command injection vulnerability in sudo-enabled scripts.

Tags: SSRF, API Enumeration, Git History, GitPython Exploit, Sudo Privilege Escalation

Cicada

Medium

An Active Directory machine featuring comprehensive SMB enumeration, password reuse attacks, lateral movement through discovered credentials, and privilege escalation via SeBackupPrivilege, leading to full domain compromise through SAM database extraction and pass-the-hash techniques.

Tags: Active Directory, SMB Enumeration, Password Reuse, SeBackupPrivilege, SAM Extraction, Pass-the-Hash, WinRM, Impacket, CrackMapExec, Evil-WinRM

Usage

Medium

A Linux machine featuring a SQL injection vulnerability in the password reset functionality leading to admin credential exposure, arbitrary file upload in the Laravel admin panel for the initial foothold, lateral movement through credential reuse in the Monit configuration, and privilege escalation via a 7-Zip wildcard injection vulnerability in sudo-enabled backup scripts.

Tags: SQL Injection, Laravel Exploit, File Upload Bypass, Credential Reuse, Wildcard Injection, 7-Zip Exploit

Nibbles

Easy

A beginner-friendly Linux machine featuring Nibbleblog CMS exploitation through arbitrary file upload vulnerability and privilege escalation via misconfigured sudo permissions, demonstrating fundamental web application security concepts and Linux privilege escalation techniques.

Tags: Nibbleblog, File Upload, CMS Exploitation, Sudo Misconfiguration, Reverse Shell, Metasploit, Directory Brute-forcing, Default Credentials, Privilege Escalation

Jarvis

Medium

A challenging Linux machine featuring SQL injection exploitation in a hotel booking system, command injection bypass techniques, and multiple privilege escalation vectors including Python script exploitation and SUID binary abuse, demonstrating advanced web application security testing and Linux system penetration methodologies.

Tags: SQL Injection, Command Injection, SQLMap, File Upload, Web Shell, Sudo Exploitation, Python Script Abuse, SUID Privilege Escalation, Systemctl Exploitation, GTFOBins, Input Validation Bypass, Service Creation

ServMon

Easy

A Windows-based machine showcasing real-world security misconfigurations including FTP anonymous access, NVMS 1000 directory traversal vulnerabilities, weak credential management, and NSClient++ privilege escalation through external script execution, demonstrating comprehensive Windows penetration testing methodologies from reconnaissance to full system compromise.

Tags: FTP Anonymous Access, Directory Traversal, NVMS 1000 Exploitation, Credential Harvesting, Password Spraying, SSH Tunneling, NSClient++, Windows Privilege Escalation, External Script Execution, Service Misconfiguration, Reverse Shell, Port Forwarding

Devel

Easy

A Windows-based machine demonstrating critical service misconfigurations including anonymous FTP access with write permissions, IIS web server exploitation through ASPX web shell deployment, and Windows kernel privilege escalation via KiTrap0D vulnerability (MS10-015), showcasing a complete attack chain from initial reconnaissance to SYSTEM-level compromise through improper service configuration and unpatched systems.

Tags: FTP Anonymous Access, IIS 7.5 Exploitation, Web Shell Deployment, MSFVenom Payloads, Meterpreter Shell, Windows Kernel Exploit, MS10-015 KiTrap0D, Privilege Escalation, Service Misconfiguration, ASPX Reverse Shell, Local Exploit Suggester, Windows 7 Compromise

Coming Soon

Hard

More HackTheBox machine writeups are in progress. Stay tuned for advanced exploitation techniques, kernel exploits, and complex Active Directory attacks.

Tags: Advanced, Kernel Exploits, Active Directory

Tunneling && Pivoting

Essential techniques for network penetration testing and lateral movement

Tunneling & Pivoting Guide

Essential

Master network pivoting with Ligolo-ng, Chisel, and SSH tunneling. Complete guide covering double pivoting, SOCKS proxies, port forwarding, and lateral movement techniques for penetration testing and red team operations.

Tags: Ligolo-ng, Chisel, SSH Tunneling, Double Pivot, SOCKS Proxy, Port Forwarding