Overview This machine begins w/ a DNS enumeration, revealing several subdomains. After enumerating the subdomains, admin.cronos.htb is susceptible to SQLi authentication bypass and a command injec...

Overview This machine has 4 ways to obtain an initial shell. For the 1st method, after a web enumeration at TCP/443 (HTTPS), it is discovered that Elastix running on the webserver. After searching ...

Overview This machine begins w/ web directory enumeration revealing files and directories that discloses the username, CMS version and login page of the webpage, allowing us to login as an admin us...

Overview This machine begins w/ a web directory enumeration, finding a directory /dev directory containing a file phpbash.php that has code execution functionality, allowing us to obtain a low-priv...

Overview This machine begins w/ a web directory enumeration, finding a cgi-bin/ directory, and by further enumerating the found directory (cgi-bin/), a bash script is found, allowing us to use an e...

Overview This is the second machine from OSCP’s TJNull’s OSCP List for HackTheBox. This machine begins w/ us enumerating several subdomains via NMAP’s HTTPS script, followed by a wordpress plugin ...

Overview After the evil-twin project, I continued to root machines on hackthebox/vulnhub and left my raspberry pi to collect dust, recently I randomly thought of my raspberry pi and wanted to put m...

Overview This machine begins w/ DNS enumeration, revealing a subdomain preprod-payroll.trick.htb that running a recruitment management system via nginx. The recruitment management system is suscept...

Overview This machine is hosting a webpage that allows user to test a file upload web application and download its source code. However, the source code is archived together with a directory .git, ...