
Hack The Box — TwoMillion Write-Up
TL;DR The HackTheBox machine “TwoMillion” (released to celebrate 2 million users on the platform) is an easy Linux box involving web API enumeration and abuse. Initial access is gained by solving ...

TL;DR The HackTheBox machine “Nibbles” is an easy Linux box featuring a vulnerable Nibbleblog CMS (version 4.0.3) on an Apache web server. Initial access is gained by exploiting a directory traver...

TL;DR The HackTheBox machine “SolarLab” is a medium-difficulty Windows box featuring a vulnerable ReportLab PDF generation system and an Openfire server with an authentication bypass vulnerability...

TL;DR The HackTheBox machine “Usage” is an easy Linux box featuring a Laravel-based web application vulnerable to SQL injection, allowing extraction of user credentials. Initial access is gained b...

TL;DR The HackTheBox machine “Mailing” is an easy Windows box featuring an hMailServer email setup vulnerable to Local File Inclusion (LFI) and CVE-2024-21413. Initial access is gained by exploiti...

TL;DR The HackTheBox machine “Perfection” is an easy Linux box featuring a Ruby-based web application vulnerable to Server-Side Template Injection (SSTI). Initial access is gained by exploiting SS...

TL;DR The HackTheBox machine “Headless” is an easy Linux box featuring a Flask-based web application vulnerable to Cross-Site Scripting (XSS) and insecure cookie handling. Initial access is gained...

TL;DR The HackTheBox machine “Crafty” is an easy Windows box featuring a Minecraft server vulnerable to Log4Shell (CVE-2021-44228). Initial access is gained by enumerating the Minecraft server on ...

TL;DR The HackTheBox machine “Devvortex” is an easy Linux box featuring a Joomla CMS vulnerable to CVE-2023-23752, an unauthenticated information disclosure flaw. Initial access is gained by enume...