HackTheBox Writeup Nibbles
Nibbles is a fairly simple machine; however, with the inclusion of a login blacklist, it is a fair bit more challenging to find valid credentials. Luckily, a username can be enumerated and guessing ...
Bashed is a fairly easy machine which focuses mainly on fuzzing and locating important files. As basic access to the crontab is restricted, Recon ┌──(bravosec㉿fsociety)-[~/htb/Bashed] └─$ writeh...
Blue, while possibly the most simple machine on Hack The Box, demonstrates the severity of the EternalBlue exploit, which has been used in multiple large-scale ransomware and crypto-mining attacks ...
Support is an Easy difficulty Windows machine that features an SMB share that allows anonymous authentication. After connecting to the share, an executable file is discovered that is used to query ...
Netmon is an easy difficulty Windows box with simple enumeration and exploitation. PRTG is running, and an FTP server with anonymous access allows reading of PRTG Network Monitor configuration file...
Although Jerry is one of the easier machines on Hack The Box, it is realistic as Apache Tomcat is often found exposed and configured with common or weak credentials. Recon ┌──(bravosec㉿fsociety)...
Lame is an easy Linux machine, requiring only one exploit to obtain root access. It was the first machine published on Hack The Box and was often the first machine for new users prior to its retire...
Info Attack & Defense CTF https://2023.faustctf.net/information/rules/ Flag format : FAUST_[A-Za-z0-9/+]{32} IPv6 format : fd66:666:<team-number>::2 Learnt Setup IDS l...
GoodGames is an Easy Linux machine that showcases the importance of sanitising user inputs in web applications to prevent SQL injection attacks, using strong hashing algorithms in database structur...
Sauna is an easy difficulty Windows machine that features Active Directory enumeration and exploitation. Possible usernames can be derived from employee full names listed on the website. With these...
Recon Nmap User www-data@ubuntu-bionic:/var/www/html$ cat /home/www-data/.../look.txt Super Secure Password => ctfbros:WTBCT1dUQjFVR3hBZVZSb0lYTmpWR1kv ┌──(bravosec㉿fsociety)-[~/thm/An...
Snoopy is a Hard Difficulty Linux machine that involves the exploitation of an LFI vulnerability to extract the configuration secret of Bind9. The obtained secret allows the redirection of the mail...
Topology is an Easy Difficulty Linux machine that showcases a LaTeX web application susceptible to a Local File Inclusion (LFI) vulnerability. Exploiting the LFI flaw allows for the retrieval of an...
Recon ┌──(bravosec㉿fsociety)-[~/thm/Wekor] └─$ writehosts thm '10.10.249.113 wekor.thm site.wekor.thm' +---------+--------+---------------+----------------+ | PROFILE | STATUS | IP | ...
Optimum is a beginner-level machine which mainly focuses on enumeration of services with known exploits. Both exploits are easy to obtain and have associated Metasploit modules, making this machine...