Investigation is a medium difficulty linux machine created by Derezzed on Hack the Box that features a site using a vulnerable version of ExifTool to parse client-supplied file names. These file na...

Rogue is a medium-difficulty forensics challenge created by thewildspirit on Hack The Box where we are given a packet capture with possibly malicious traffic. Our goal is to find out how the advers...

Juggling Facts is a web challenge released on Hack the Box by Xclow3n that is marked as very easy and involves finding and exploiting a PHP type juggling vulnerability in a web application An o...

Seized is a medium-difficulty forensics challenge created by thewildspirit on Hack the Box that involves recovering credentials from a Windows AppData folder which are protected via DPAPI and store...

Wrong Spooky Season is a forensics challenge released by c4n0pus on Hack the Box that is marked as very easy and involves analyzing a packet capture to pinpoint malicious traffic. “I told them ...

APKrypt is an easy mobile challenge created by bertolis on Hack The Box that involves reverse-engineering an android app to find a key along with an encrypted string which we use to recover the fla...

Shoppy is an easy Linux machine created by lockscan on Hack The Box that features a website with a NoSQL injection vulnerability that allows us to authenticate as the admin user. With a little help...

Support is an easy-difficulty machine created by 0xdf on Hack The Box featuring a domain controller that allows anonymous authentication on its SMB server which hosts a program that contains the pa...

Halloween Invitation is an easy forensics challenge created by P3t4 on Hack the box that involves the analysis of a malicious Microsoft Office document. The products used to solve this challenge in...

Outdated is a medium Windows machine created by ctrlzero on Hack The Box that features an Active Directory domain controller that is vulnerable to CVE-2022-30190. Successful exploitation of this ge...