This machine is an active directory box that has an assumed breach scenario. We’re given the credentials rose:KxEPkKe6R8su. We then discover several credentials, which lead to us capturing the user...

This box hosts a resume generation website where an HTTP query parameter is vulnerable to LFI. The LFI vulnerability is then leveraged to read a database file and obtain a password hash. This passw...

Welcome to my first post on this blog. I’ve done a couple Hack The Box (HTB) machines before, but I finally decided to publish a writeup of one. This machine uses a log4j vulnerability to gain RCE ...