Blog
Spoiler Alert: This machine will crash if dir busting too much Recon Nmap # Nmap 7.94 scan initiated Wed Jul 26 05:45:51 2023 as: nmap -sVC -p- -T4 -Pn -vv -oA blog 10.10.71.153 Nmap scan re...
Recon Nmap # Nmap 7.94 scan initiated Tue Jul 25 16:37:42 2023 as: nmap -sVC -p- -T4 -Pn -vv -oA Wonderland 10.10.99.150 Nmap scan report for 10.10.99.150 Host is up, received user-set (0.29s l...
Recon Nmap # Nmap 7.94 scan initiated Mon Jul 24 11:21:06 2023 as: nmap -sVC -p- -T4 -Pn -vv -oA Retro 10.10.15.115 Nmap scan report for 10.10.15.115 Host is up, received user-set (0.28s latency...
Timelapse is an Easy Windows machine, which involves accessing a publicly accessible SMB share that contains a zip file. This zip file requires a password which can be cracked by using John. Extrac...
Devel, while relatively simple, demonstrates the security risks associated with some default program configurations. It is a beginner-level machine which can be completed using publicly available e...
Active is an easy to medium difficulty machine, which features two very prevalent techniques to gain privileges within an Active Directory environment. Recon CrackMapExec ┌──(kali㉿kali)-[~/htb/...
https://tryhackme.com/room/zer0logon Identify zero logon exploit ┌──(kali㉿kali)-[~] └─$ cme smb 10.10.244.21 -u '' -p '' -M zerologon SMB 10.10.244.21 445 DC01 [*] Wind...
This room will cover all of the basics of attacking Kerberos, the Windows ticket-granting service; we’ll cover the following: Initial enumeration using tools like Kerbrute and Rubeus Kerberoa...
Forest is an easy difficulty Windows Domain Controller (DC), for a domain in which Exchange Server has been installed. The DC is found to allow anonymous LDAP binds, which is used to enumerate doma...
Authority is a medium-difficulty Windows machine that highlights the dangers of misconfigurations, password reuse, storing credentials on shares, and demonstrates how default settings in Active Dir...
PC is an Easy Difficulty Linux machine that features a gRPC endpoint that is vulnerable to SQL Injection. After enumerating and dumping the database's contents, plaintext credentials l...
MonitorsTwo is an Easy Difficulty Linux machine showcasing a variety of vulnerabilities and misconfigurations. Initial enumeration exposes a web application prone to pre-authentication Remote Code ...
Sauna is an easy difficulty Windows machine that features Active Directory enumeration and exploitation. Possible usernames can be derived from employee full names listed on the website. With these...
TwoMillion is a special release from HackTheBox to celebrate 2,000,000 HackTheBox members. It was released directly to retired, so no points and no bloods, just for fun. It features a website that look...
Pilgrimage is an easy-difficulty Linux machine featuring a web application with an exposed Git repository. Analysing the underlying filesystem and source code reveals the use of a vulnerable versio...