Brains was a room focused on an authentication bypass vulnerability in TeamCity (CVE-2024-27198). We began as an attacker, exploiting the vulnerability to achieve remote code execution (RCE) and ca...

Pyrat was a room centered around a Python program. Initially, we used the program to execute Python code and establish a foothold. Afterward, we discovered user credentials within the configuration...

Jet [Fortress]In this lab, you will explore various security challenges. First, you’ll Connect to the environment and get started. As you progress, begin Digging in to uncover hidden information. M...

GreenHorn is an easy machine by HackTheBox where we are dealing with a Pluck web application , digging around we find the source code of the web app from there we gain access to admin panel where w...

K2 had us solve three machines in sequence, using our findings from the previous machines to tackle the next one. We began with Base Camp, where we targeted a web application and discovered severa...

MonitorsThree is a Medium HackTheBox machine where we start by enumerating a web server finding an SQLi that leads to data leak for then gaining a reverse shell by exploiting a vulnerability in cac...

Initial Enumeration Nmap Scan └─$ nmap -sV 10.10.11.28 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-08-15 00:29 CST Nmap scan report for 10.10.11.28 Host is up (0.18s latency). Not shown: 99...

The London Bridge began with fuzzing a web application to discover an endpoint. By fuzzing this endpoint for parameters, we identified one vulnerable to SSRF. Using this vulnerability to enumerate ...

Cheese CTF was a straightforward room where we used SQL injection to bypass a login page and discovered an endpoint vulnerable to LFI. By utilizing PHP filters chain to turn the LFI into RCE, we ga...

Caption on HackTheBox is a Windows machine challenge that tests cybersecurity skills by requiring users to exploit web server vulnerabilities, gain a reverse shell, escalate privileges, and capture...