HackTheBox Writeup - Authority
Authority is a medium-difficulty Windows machine that highlights the dangers of misconfigurations, password reuse, storing credentials on shares, and demonstrates how default settings in Active Dir...
PC is an Easy Difficulty Linux machine that features a gRPC endpoint that is vulnerable to SQL Injection. After enumerating and dumping the database's contents, plaintext credentials l...
MonitorsTwo is an Easy Difficulty Linux machine showcasing a variety of vulnerabilities and misconfigurations. Initial enumeration exposes a web application prone to pre-authentication Remote Code ...
Sauna is an easy difficulty Windows machine that features Active Directory enumeration and exploitation. Possible usernames can be derived from employee full names listed on the website. With these...
TwoMillion is a special release from HackTheBox to celebrate 2,000,000 HackTheBox members. It released directly to retired, so no points and no bloods, just for fun. It features a website that look...
Pilgrimage is an easy-difficulty Linux machine featuring a web application with an exposed Git repository. Analysing the underlying filesystem and source code reveals the use of a vulnerable versio...
Escape is a Medium difficulty Windows Active Directory machine that starts with an SMB share from which guest-authenticated users can download a sensitive PDF file. Inside the PDF file temporary credenti...
Request Credentials Reverse DNS lookup and AXFR request doesn’t work /etc/hosts # THM STUFF 10.200.19.101 THMDC za.tryhackme.com THMDC.za.tryhackme.com 10.200.19.249 THMJMP2.za.tryhackme.co...
Credential Injection Runas Explained Have you ever found AD credentials but nowhere to log in with them? Runas may be the answer you’ve been looking for! In security assessments, you will often ...
Introduction to AD Breaches Alert! This Room Is Awful Active Directory (AD) is used by approximately 90% of the Global Fortune 1000 companies. If an organisation’s estate uses Microsoft Win...
Room Objectives In this room, we will learn about Active Directory and will become familiar with the following topics What Active Directory is What an Active Directory Domain is What compo...
Stocker is a medium difficulty Linux machine that features a website running on port 80 that advertises various house furniture. Through vHost enumeration the hostname dev.stocker.htb is identified...
Pre-engagement Briefing You have been assigned to a client that wants a penetration test conducted on an environment due to be released to production in three weeks. Scope of Work The client re...
Info You have been assigned to a client that wants a penetration test conducted on an environment due to be released to production in seven days. Scope of Work The client requests that an engine...