Hack The Box - Builder
August 29, 2024Builder is a Linux machine running a version of Jenkins with an arbitrary file read vulnerability via the CLI (CVE-2024-23897). This…
Builder is a Linux machine running a version of Jenkins with an arbitrary file read vulnerability via the CLI (CVE-2024-23897). This…
Aero is a Windows machine hosting a website that allows users to upload custom Windows 11 themes. Due to a known RCE vulnerability in…
Visual is a Windows machine hosting a website that compiles Visual Studio projects from a remote Git repository. Command execution on the…
Jab is a Windows machine running Active Directory with an XMPP server that allows open registration. Once an account has been created, a…
Manager is a Windows machine running Active Directory. After gathering a list of domain users by brute-forcing SIDs, one of the users is…
Blackfield is a Windows machine running Active Directory. A list of potential usernames can be created based on user directories found in an…
Reel is a Windows machine running Active Directory with an open FTP server that contains a few documents, one of which reveals an email…
Escape is a Windows machine running Active Directory with an open SMB share containing credentials for an MSSQL instance. After connecting…
Scrambled is a Windows machine running Active Directory. A username can be found on a hosted webpage as well as a message indicating that…
Zipping is a Linux machine hosting a website with a form used to upload ZIP archives that contain a PDF document. Arbitrary files on the…
Intelligence is a Windows machine with an Active Directory environment. Browsing a hosted webpage leads to the discovery of a naming…
Cascade is a Windows machine running Active Directory. An anonymous LDAP bind allows for enumeration of the environment, leading to the…
Monteverde is a Windows machine with an Active Directory environment featuring Azure AD. After enumerating domain users, it can be…
Resolute is a Windows machine running Active Directory. A few different methods can be used to enumerate users on the system and reveal an…
VulnNet: Active is a Windows machine running Active Directory with an instance of Redis that doesn't require authentication. This can be…
Timelapse is a Windows machine running Active Directory with an open SMB share that contains a password protected ZIP file. The password can…
Blue is a Windows machine running SMB. A scan with Nmap can reveal that the box is vulnerable to EternalBlue, an exploit that targets a flaw…
Return is a Windows machine running Active Directory. A webpage featuring a printer admin panel can be leveraged to reveal LDAP credentials…
Sauna is a Windows machine featuring an Active Directory environment. A list of potential usernames can be generated based on a webpage that…
Active is a Windows machine running Active Directory with an open SMB share that contains an encrypted GPP (Group Policy Preferences…
Forest is a Windows machine running Active Directory. An anonymous LDAP bind allows for enumeration of the system which can be leveraged to…
Cronos is a Linux machine hosting a website with an admin subdomain that contains a login form with a SQL injection vulnerability. After…
Magic is a Linux machine featuring an image upload application with a login form that can be bypassed with a basic SQL injection. The…
Authority is a Windows machine running Active Directory that has an open SMB share containing ansible vault encrypted credentials. Once…
Topology is a Linux machine hosting a website with a PNG image generator based on LaTeX inline math mode commands. This feature can be…
Inject is a Linux machine hosting a cloud storage and collaboration app built with Java and the Spring framework. A route on the app has a…
MonitorsTwo is a Linux machine with a web application that uses Cacti, a web based monitoring and fault management framework. The version of…
Busqueda is a Linux machine featuring a web application that provides users with a URL for a variety of search engines across the web with…
Pilgrimage is a Linux machine hosting an image shrinker application that uses the ImageMagick software for image processing. However, the…
PC is a Linux machine with an open port running gRPC (Google Remote Procedure Call). Interaction with the server using allows for the…
TwoMillion is a Linux machine hosting a web application with an API that has a command execution vulnerability. This vulnerability can be…
Opacity is a Linux machine with a web app that features a vulnerable image upload form which can be used to upload a reverse shell to gain…
Mirai features a Raspberry Pi device with default credentials that can be used to log in over SSH. Enumeration of the system reveals a USB…
Diogenes' Rage is a web challenge featuring a vending machine application that enables users to purchase items using a coupon worth $1.0…
Didactic Octo Paddles is a web challenge that features an application with a vulnerable implementation of JWT token validation using the…
Orbital is a web challenge featuring a web application susceptible to SQL injection. After utilizing SQLi to bypass login as the user, an…
Passman is a web challenge that features a password manager application built with GraphQL. Analysis of the code reveals an insecure direct…
Stocker is a Linux machine running a web server that hosts an e-commerce site with a vulnerable API. This API can be exploited using a NoSQL…
Laboratory is a Linux machine with a GitLab web application running in a docker container. Exploiting an arbitrary file read vulnerability…
Support is a Windows machine running Active Directory. There's an open SMB share containing a .NET executable which authenticates using the…