Devvortex is an easy-difficulty Linux machine that features a Joomla CMS that is vulnerable to information disclosure. Accessing the service's configuration file reveals plaintext credenti...

Web My first Website Info Solve SSTI (Flask) It’s a calculator By visiting a 404 page, it says Custom 404 Page Since the path will be reflected by a custom 404 page, tested SSTI and it...

Info Welcome, brave cyber warriors, to the Avenger Training Cyber Security Capture the Flag! Prepare yourselves for a wild and wacky adventure through the treacherous realm of cyberspace. Your mi...

Hospital is a medium-difficulty Windows machine that hosts an Active Directory environment, a web server, and a RoundCube instance. The web application has a file upload vulnerability that allows t...

Summary Team Score 59/950 Personal Score Personal Solves Warmup Over the Wire (part 1) Info Solve Wireshark -> Statistics -> Protocol Hierarchy FTP looks interesting, filt...

Granny, while similar to Grandpa, can be exploited using several different methods. The intended method of solving this machine is the widely-known Webdav upload vulnerability. Recon ┌──(bravose...

Grandpa is one of the simpler machines on Hack The Box, however it covers the widely-exploited CVE-2017-7269. This vulnerability is trivial to exploit and granted immediate access to thousands of I...

Broker is an easy difficulty Linux machine hosting a version of Apache ActiveMQ. Enumerating the version of Apache ActiveMQ shows that it is vulnerable to Unauthenticated Remote Code Execution, whi...

Codify is an easy Linux machine that features a web application that allows users to test Node.js code. The application uses a vulnerable vm2 library, which is leveraged to gain remote code executi...

Redis Server No Password thm@ip-10-10-131-119:~$ ss -ltnp|grep 0.0.0.0 LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* LISTEN 0 128 0.0.0.0:22 0...

Beep has a very large list of running services, which can make it a bit challenging to find the correct entry method. This machine can be overwhelming for some as there are many potential attack ve...

Legacy is a fairly straightforward beginner-level machine which demonstrates the potential security risks of SMB on Windows. Only one publicly available exploit is required to obtain administrator ...

Info This CTF was held by Snyk, and it was mostly around Web challenges My goal was to finish 10+ challenges Summary Certificate Team scoreboard Personal Stats Personal Solves W...

Recon Nmap # Nmap 7.94 scan initiated Tue Oct 24 09:46:26 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/kali/htb/Clicker/results/clicker.htb/scans/_fu...

Forensics Trick or Treat Analyze malicious windows lnk file .\LECmd.exe -f "D:\kali-share\ctf\hacktheboo-2023\Trick or Treat\trick_or_treat\trick_or_treat.lnk" Name: Trick or treat Working D...