HackTheBox Writeups

Sink is an insane level box on HackTheBox that was incredibly fun and difficult. The unique technologies and attack vectors taught me a lot about cloud stuff and HTTP request smuggling; a topic I was previously vaguely familiar with. [Read More]

Tags: Cloud Linux Pentesting CVE

Multimaster

Multimaster HackTheBox

Posted on April 22, 2022

Multimaster is an insane level box on HackTheBox that was pretty difficult. It used a variety of technologies and techniques in order to gain Domain Admin. There wasn’t a significant emphasis on the Active Directory aspect, but it was still very interesting and helped me refine some of my skills.... [Read More]

Tags: Active Directory Windows Pentesting CVE SQLi

Sizzle

Sizzle HackTheBox

Posted on April 20, 2022

Sizzle is an insane level box on HackTheBox and utilizes a variety of Active Directory and Windows pentesting techniques in order to obtain Domain Admin. The route to an initial shell was quite difficult and unique, but the rest of the box was relatively simple. [Read More]

Tags: Active Directory Windows Pentesting Client-Side

Bankrobber

Bankrobber HackTheBox

Posted on December 26, 2021

Bankrobber is an insane level box on HackTheBox that utilizes a client side attack and SQL injection and a simple buffer overflow. User was lengthy as it required a lot of waiting and inconsistency, but the path of System was very quick and simple. [Read More]

Tags: XSS Client-Side SQLi Buffer Overflow Windows Pentesting

Worker

Worker HackTheBox

Posted on December 7, 2021

Worker is a medium level box on HackTheBox and is unique because its usage of the DevOps workflow as an attack vector. Getting both user and System required either knowledge of Azure DevOps or some considerable enumeration, but everything else was not too difficult. [Read More]

Tags: DevOps Windows Pentesting

Blackfield

Blackfield HackTheBox

Posted on December 6, 2021

Blackfield is a hard level box on HackTheBox and requires basic Active Directory knowledge and enumeration skills to solve. The user part was rather lengthy, but with the use of Bloodhound, the path to root becomes clear very early on. [Read More]

Tags: Active Directory Windows Pentesting

Resolute

Resolute HackTheBox

Posted on December 5, 2021

Resolute is a medium level box that is actually pretty easy with knowledge of basic Windows and Active Directory enumeration techniques. I am a bit unfamiliar with some Command Prompt and Powershell command syntax, making some steps very time consuming. Overall, this box is pretty basic and the information from... [Read More]

Tags: Active Directory Windows Pentesting

Spider

Spider HackTheBox

Posted on November 1, 2021

Spider is a hard level box on HackTheBox and heavily focuses on web exploits, hence the name. As with all hard boxes on HackTheBox, it requires a multi-step process and it is recommended that you have experience with web exploits or knowledge of the OWASP Top 10 prior to attempting... [Read More]

Tags: XXE SQLi SSTI Linux Pentesting

Lame

Lame HackTheBox

Posted on September 30, 2021

Lame is an easy level box on HackTheBox and covers many basics. There are multiple approaches for this box and overall it was pretty fun. My approach was to exploit the distccd service to gain a foothold, and then using rlogin to gain root, as it required no password. [Read More]

Tags: Linux CVE Pentesting

Love

Love HackTheBox

Posted on September 3, 2021

Love is an easy level box on HackTheBox and took quite some time for me to solve as it was the second box that I have tried to solve. It was pretty interesting to solve and I learned some new exploit methods that I could try to use later. I... [Read More]

Tags: Windows CVE Pentesting

Sink

Sink HackTheBox