Hack The Box

Hack The Box write-ups focused on enumeration, exploitation, privilege escalation, and the practical lessons that make each machine worth remembering.

Hack The Box | Editor Writeup

714 words · 4 mins
A walkthrough for the “Editor” machine on Hack The Box, detailing the exploitation of XWiki RCE (CVE-2025-24893) and leveraging a Netdata ndsudo vulnerability (CVE-2024-32019) for root privilege escalation.
Hack The Box | Analytics Writeup

1109 words · 6 mins
A walkthrough for the “Analytics” machine on Hack The Box, demonstrating how to exploit a Metabase Pre-auth RCE (CVE-2023-38646) and leverage the “GameOverlay” kernel vulnerability to gain root access.
Hack The Box | Manager Writeup

1793 words · 9 mins
A walkthrough for the “Manager” machine on Hack The Box, covering RID cycling and password spraying against MSSQL, retrieving credentials via xp_dirtree, and exploiting AD CS ESC7 to escalate privileges to Domain Admin.
Hack The Box | Builder Writeup

877 words · 5 mins
A walkthrough for the “Builder” machine on Hack The Box, demonstrating the exploitation of a Jenkins arbitrary file read vulnerability (CVE-2024-23897) to retrieve credentials and the decryption of stored SSH keys via the Script Console for privilege escalation.
Hack The Box | CrazyHosting Writeup

1139 words · 6 mins
A guide for the “CrazyHosting” machine on Hack The Box, covering how to hijack a user session via exposed Spring Boot Actuator endpoints, achieve command injection for a reverse shell, and escalate privileges using SSH configuration vulnerabilities.
Hack The Box | Keeper Writeup

828 words · 4 mins
A walkthrough for the “Keeper” machine on Hack The Box, covering default credential exploitation in Request Tracker, extracting a KeePass master password from a memory dump, and converting PuTTY keys to gain root access.
Hack The Box | Broker Writeup

718 words · 4 mins
A walkthrough for the “Broker” machine on Hack The Box, detailing the exploitation of Apache ActiveMQ (CVE-2023-46604) and privilege escalation via a custom Nginx configuration to gain root access.