Ouija is an insane difficulty Linux-based Hack the Box machine created by kryptoskia. We first explored the web server on port 80 to find an alternate VHost serving a Gitea instance with a reposito...

Sau is an easy Linux-based Hack the Box machine created by sau123 that involves web exploitation, Server Side Request Forgery (SSRF), Common Vulnerabilities and Exposures (CVEs), and Sudo policy ex...

Cybermonday is a hard Linux-based Hack the Box machine created by Tr1s0n. We initially found a web server with a common NGINX misconfiguration allowing us to leak the source code. On further review...

Pilgrimage is an easy Linux-based Hack the Box machine created by coopertim13 that involves exploiting Common Vulnerabilities and Exposures (CVEs), PHP and Bash code review, and web enumeration. We...

Download is a hard Linux-based Hack the Box machine created by JoshSH that covers topics including web exploitation, CRON jobs, PostgreSQL, and TTY pushbacks. We initially identified a NodeJS Expre...

Intentions is a hard Linux-based Hack the Box machine created by htbas9du that covers topics including web API exploitation, SQL injection, and Linux privilege escalation. We first created an accou...

MonitorsTwo is an easy, Linux-based Hack the Box machine created by TheCyberGeek that covers topics including Common Vulnerabilities and Exposures (CVEs), Linux privilege escalation, Docker, and pi...

OnlyForYou is a medium, Linux-based Hack the Box machine created by 0xM4hm0ud, offering a journey into web exploitation and Linux privilege escalation. It starts with finding open ports, revealing ...

Cerberus is a hard Windows machine created by TheCyberGeek and TRX on Hack The Box that involves exploiting a couple of web CVEs to get a shell on a Linux host. We then exploit another CVE in Firej...

Socket is a medium difficulty Linux machine created by kavigihan on Hack the Box that features a website hosting compiled applications that hint to the usage of a websocket endpoint. This endpoint ...