Summary: In this challenge, I explored and exploited a subdomain hosting Dolibarr CRM. After conducting some research, I was able to gain access using default credentials. Through further enumerati...

What is TLS? Transport Layer Security (TLS) is a cryptographic protocol that provides privacy and data security for communication over the internet. TLS is the successor to SSL (Secure Sockets Lay...

Summary Devvortex, a beginner-friendly Linux machine, is vulnerable thanks to its Joomla CMS having an information disclosure flaw. This vulnerability exposes configuration data, including login cr...

Summary: Codify is a beginner-friendly Linux machine, offering a web application for testing Node.js code. However, the application has a weakness in its vm2 library, allowing attackers to remote...

Introdution Nmap, also known as the Network Mapper, is a free and open-source tool that helps IT professionals uncover the secrets of their network as well as for security auditing. It is like a fl...

Summary: Analytics is a vulnerable Linux machine on HackTheBox. Basic web enumeration techniques expose a login page on a Metabase subdomain. This subdomain is exploitable through a known vulnerab...

Summary: Manager, a medium difficulty Windows machine, acts as a domain controller with Active Directory and additional services like a web server and an SQL server. The attack starts by exploiti...

Summary: Builder, is a medium-difficulty Linux machine, runs a Jenkins instance. The attacker finds a vulnerability (CVE-2024-23897) in Jenkins, allowing unauthorized access to read files on the sy...

The Machine IP address (victim): 10.129.229.88 Enumeration: Port Scan Lets take the first step with nmap scan nmap -sV -A -T5 -oA 10.129.229.88 10.129.229.88 # Nmap 7.80 scan initiated Mon Jan ...

The Machine IP address (victim): 10.129.27.235 Enumeration: Port Scan # Nmap 7.80 scan initiated Tue Jan 30 20:01:25 2024 as: nmap -sV -A -T5 -Pn -oA 10.129.27.235 10.129.27.235 Nmap scan report...