Sign in

Hack The Box — Ready


In the first place we find a web server managed with GitLab, it seems that it is working with a version with a certain vulnerability of RCE.

after gaining access to the machine, it turns out that we are in a docker container. …

Hack The Box — Laboratory


Hello everyone! this machine consists of managing to get a subdomain (vhost) on the host to discover a software which is outdated and that presents an rce vulnerability with which we can get a revshell

Once inside the machine, we discovered that we are in a docker container but we…

Hack The Box — Time


This machine is about exploiting a json parser online which presents a rce vulnerability.

After gaining access to the machine, it is possible to escalate to root by modifying a script that is executed periodically

Initial access

Port scan only shows ssh and a web server

Hack The Box — Passage


Initial access to the machine is achieved through outdated cms!

Later, it is possible to scale to a conventional user through the study of the web files. Another horizontal scaling is achieved thanks to ssh.

We manage to scale to root via USBCreator D-Bus!

Initial access

first and as always, a port…

Hack The Box — Academy!


This machine is about getting access to an admin panel on the web page by modifying the parameters when registering a user.
After this, another web page is discovered which shows a technology that contains a vulnerability to achieve rce.
With this, you can access the machine through a revshell.
Privilege escalation is…

An easy level machine with multiple ways to escalate privileges.


This easy machine consists of finding out the password of a user on a web server that uses wordpress to gain access to the machine.

Once inside this, it is possible to escalate to root by abusing the SUID bit


First of all and as always, we do a port…

Hack The Box — Doctor


This machine consists of finding a vhost on the remote machine to gain access to a “forum” in which we find SSTI — Server Side Template Injection — and we manage to get a revshell.

Once inside the machine, we manage to scale horizontally thanks to the revision of the…

Exploit Ubuntu, like a Turtle in a Hurricane


This room consists of exploiting 2 old vulnerabilities

Initial access

The port scan shows nothing that a ssh server an Apache webserver

Billy Joel made a Wordpress blog!


Initial access is achieved by cracking the password of a wordpress user and exploiting a vulnerability in cms.

After this, it is possible to escalate to root through a command that has the SUID bit activated

Initial access

as always, we are going to do a port scan to see what we…

This room provides the real world pentesting challenges.


We get initial access to the machine by finding a page which allows us to execute some commands but they are filtered, we manage to launch a revshell through a bypass technique.

Once inside the machine, we managed to escape from the web server user thanks to a script that…


Computer Science student. Capture the flag player.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store