Optimum - Easy - Hack The Box
An Optimum write-up covering null byte injection, Python scripting, basic PowerShell for pentesting, CVE-2014-6287 for initial access and CVE-2016-0099, also known as MS16-032, for privilege escalation.
Bashed - Easy - Hack The Box
A write-up of Bashed covering fuzzing, web shells, lateral movement, modifying Python scripts, exploiting cron jobs and escalating privileges through SUID permissions.
Legacy - Easy - Hack The Box
In this post, we exploit Legacy using CVE-2008-4250. It is similar to Blue, but also covers generating shellcode with Msfvenom without using zzz_exploit.py.
Blue - Easy - Hack The Box
In this post, we exploit the Blue machine with the NSA's famous EternalBlue tool, targeting the SMBv1 vulnerability CVE-2017-0144 and obtaining the highest possible privileges remotely.
Netmon - Easy - Hack The Box
Netmon demonstrates the impact of a misconfigured FTP server that exposes system files and configuration backups. We recover web application credentials and exploit CVE-2018-9276 for RCE by adding an administrator account.
Jerry - Easy - Hack The Box
In this write-up, we exploit Tomcat on the Easy machine Jerry through the Manager App, deploying a malicious .war application containing a reverse shell that gives us system administrator access.
Lame - Easy - Hack The Box
An Easy machine where we gain root access by exploiting the Samba vulnerability CVE-2007-2447.
Fawn - Starting point - Hack The Box
In this write-up, we cover Fawn, the second Tier 0 Starting Point machine. We connect to FTP using anonymous login and download the flag to our own machine.
Meow - Starting point - Hack The Box
This post begins the Tier 0 Starting Point machines with Meow, the first machine selected for a write-up. I will focus on the exploitation process and only reference the accompanying questions when they provide information required for exploitation.
Dina 1.0.1 - Vulnhub
Reconnaissance, brute force, RCE through command injection and privilege escalation through sudo.



