Reel2 is a Windows machine that involves stealing NetNTLMv2 hash on Outlook Web application, bypassing restricted powershell, taking advantage of a JEA (Just Enough Administration) command to read restricted files on the machine and use mysql queries to gain administrator/root access on the machine. Initial Reconnaissance and Enumeration I performed an nmap aggressive scan…

OpenAdmin is an easy Linux machine that involves an exploit on an IP Address Management (IPAM) system, looking for credentials, cracking private key and privilege escalation through NANO text editor! Initial Reconnaissance I’ll start the write-up with an Nmap script and version scan on the machine.

Bankrobber is an insane Windows Machine where I will perform Cross-site scripting attacks on a prototype web application and port forwarding so I can brute-force an internal application on my local machine. Initial Reconnaissance As always, the write-up starts with an Nmap script and version scan to identify the open ports and…

Scavenger is a Linux machine that involves a lot of enumeration, SQL Injection through WHOIS service, analyzing a PCAP file,an access log file and privilege escalation through a Linux Kernel module! Initial Reconnaissance As always the write-up starts with an nmap script and version scan

RE is a Windows Machine that simulates a SOC department where we can take advantage of their malware analysis activity and abusing a vulnerable service using a popular Powershell post-exploitation framework. Initial Reconnaissance and Enumeration As usual, I am going to start the write-up with an nmap script and version scan. …

Player is a fun box that will test your enumeration skills. Initial Reconnaissance Now lets start the write-up with an nmap Script and Version scan. We will also scan all ports.

First HacktheBox Writeup! Craft is an interesting machine which involves a vulnerable Python function and a platform that can be use for securely accessing secrets like API keys, passwords, certificates and more! Initial Reconnaissance Lets start the write-up with an nmap script and version scan.