Inject is an easy Linux machine created by rajHere on Hack The Box that involves Exploiting a Directory Traversal bug to locate and read local files as frank. We use this vulnerability to enumerate...

Lure is an easy forensics challenge created by egre55 on Hack the Box that involves the analysis of a malicious document that uses Microsoft Office VBA macros to execute code. The finance team ...

Pollution is a hard Linux machine created by Tr1s0n on Hack The Box that involves sensitive information disclosure on a hidden site that allows us to create an admin account on the main site. From ...

Stocker is an easy linux machine created by JoshSH on Hack the Box that involves exploiting a NoSQL injection flaw to bypass authentication on a secret VHOST. From there we abuse a special HTML ren...

Bagel is a medium difficulty linux machine created by CestLaVie on Hack the Box that features a vulnerable web server that can be manipulated to read unintended files from the local filesystem. We ...

Precious is an easy linux machine created by Nauten on Hack the Box that features a web server that uses a version of PDFKit that is vulnerable to CVE-2022-25765, which can be exploited to execute ...

Shattered Tablet is a very easy reversing challenge created by clubby789 on Hack the Box that involves recovering each byte of the flag from machine code, which we solve using radare2 and regular e...

Flight is a hard windows machine created by Geiseric on Hack the Box that features a vulnerable Active Directory domain controller. The machine hosts a web server that enables attackers to read loc...

Keep the steam going is a hard forensics challenge created by thewildspirit on Hack the Box that involves the inspection of a packet capture to pinpoint malicious traffic. Along the way we deobfusc...

MetaTwo is an easy Linux machine created by Nauten on Hack the Box that involves exploiting a vulnerable Wordpress site as an unauthenticated user with CVE-2022-0739 to recover the credentials for ...