You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: machines/easy/README.md
+7-7Lines changed: 7 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -72,14 +72,14 @@ permalink: /machines/easy/
72
72
| 32 |**Haystack**| Linux | ELK Stack + Kibana LFI | Find base64 creds in Elasticsearch, exploit Kibana LFI (CVE-2018-17246) for shell, logstash for root |[0xdf](https://0xdf.gitlab.io/2019/11/02/htb-haystack.html)|
73
73
| 33 |**Writeup**| Linux | CMS Made Simple SQLi + PATH Hijack | Exploit CMS Made Simple SQLi (CVE-2019-9053) for creds, SSH, PATH hijack via staff group for root |[0xdf](https://0xdf.gitlab.io/2019/10/12/htb-writeup.html)|
74
74
| 34 |**Luke**| Linux | JSON API + Multiple Creds | Enumerate FTP, discover Ajenti panel, chain API auth tokens to extract admin creds |[0xdf](https://0xdf.gitlab.io/2019/09/14/htb-luke.html)|
75
-
| 35 |**Postman**| Linux | Redis Unauthorized + Webmin RCE | Write SSH key via unauthenticated Redis, crack encrypted SSH key, Webmin RCE (CVE-2019-12840) as root |[0xdf](https://0xdf.gitlab.io/2020/03/14/htb-postman.html), [HackingArticles](https://www.hackingarticles.in/hack-the-box-postman-walkthrough/), [snowscan](https://snowscan.io/htb-writeup-postman/), [Medium](https://medium.com/@v1per/postman-hackthebox-writeup-5d31df5bf6d9)|
| 68 |**GoodGames**| Linux | SQLi + SSTI + Docker Escape | SQL injection in login to dump admin hash, SSTI in Flask dashboard for shell in container, mount host filesystem for root |[0xdf](https://0xdf.gitlab.io/2022/02/23/htb-goodgames.html), [HackingArticles](https://www.hackingarticles.in/goodgames-hackthebox-walkthrough/), [Medium](https://arz101.medium.com/hackthebox-goodgames-20358b06420c)|
122
+
| 68 |**GoodGames**| Linux | SQLi + SSTI + Docker Escape | SQL injection in login to dump admin hash, SSTI in Flask dashboard for shell in container, mount host filesystem for root |[0xdf](https://0xdf.gitlab.io/2022/02/23/htb-goodgames.html), [HackingArticles](https://www.hackingarticles.in/goodgames-hackthebox-walkthrough/), [Medium](https://arz101.medium.com/hackthebox-goodgames-20358b06420c), [erichogue](https://erichogue.ca/2022/04/HTB/GoodGames), [threatninja](https://threatninja.net/hack-the-box-goodgames-machine-walkthrough-easy-difficulty/)|
123
123
| 69 |**NodeBlog**| Linux | NoSQL Injection + XXE + Deserialization | NoSQL injection to bypass login, XXE in blog XML parsing, node-serialize deserialization RCE, MongoDB creds for root |[0xdf](https://0xdf.gitlab.io/2022/01/10/htb-nodeblog.html)|
124
124
| 70 |**Trick**| Linux | DNS Enumeration + SQLi + LFI to RCE | DNS zone transfer reveals subdomains, SQLi in payroll app for file read, find vhost with LFI, include mail with PHP code for RCE, fail2ban privesc |[0xdf](https://0xdf.gitlab.io/2022/10/29/htb-trick.html), [IppSec](https://www.youtube.com/watch?v=i5NHOdCKYEY)|
125
125
| 71 |**RedPanda**| Linux | Spring Boot SSTI + XXE Cron | SSTI in Java Spring Boot search for shell, exploit XXE in log parser cron job to read root SSH key |[0xdf](https://0xdf.gitlab.io/2022/11/26/htb-redpanda.html), [IppSec](https://www.youtube.com/watch?v=HqIUffFdjuI)|
@@ -144,8 +144,8 @@ permalink: /machines/easy/
144
144
| 83 |**Topology**| Linux | LaTeX Injection + gnuplot Privesc | Exploit LaTeX equation generator for file read via \input, find .htpasswd, crack for SSH, gnuplot cron SUID for root |[0xdf](https://0xdf.gitlab.io/2023/11/04/htb-topology.html), [IppSec](https://www.youtube.com/watch?v=LqkA0UnNjGM), [Medium](https://medium.com/@josephalan17201972/topology-hack-the-box-write-up-b7a0f2ae5531)|
145
145
| 84 |**MonitorsTwo**| Linux | Cacti RCE + Docker Escape + SUID | Exploit Cacti (CVE-2022-46169) for shell in container, find MySQL creds, capsh SUID in container, CVE-2021-41091 Docker escape for root |[0xdf](https://0xdf.gitlab.io/2023/09/02/htb-monitorstwo.html), [IppSec](https://www.youtube.com/watch?v=dJfbogs8Yz0), [Medium](https://medium.com/@jules1luv/monitorstwo-hackthebox-writeup-3ed2b76ba833)|
146
146
| 85 |**Sau**| Linux | SSRF + Maltrail RCE | Exploit request-baskets SSRF (CVE-2023-27163) to access internal Maltrail, OS command injection (CVE-2023-27163) for shell, sudo systemctl for root |[0xdf](https://0xdf.gitlab.io/2024/01/06/htb-sau.html), [IppSec](https://www.youtube.com/watch?v=H6QfYGeGdGQ), [Medium](https://medium.com/@onurinalkac/hackthebox-24-sau-writeup-724b3dff4ac9)|
147
-
| 86 |**TwoMillion**| Linux | API IDOR + Command Injection + Kernel CVE | Reverse invite code API, register account, IDOR to make admin, command injection in VPN generate, OverlayFS CVE-2023-0386 for root |[0xdf](https://0xdf.gitlab.io/2023/06/07/htb-twomillion.html), [IppSec](https://www.youtube.com/watch?v=Exl4P3fsF7U), [Medium](https://medium.com/@onurinalkac/hack-the-box-two-million-writeup-c7f839e076f6)|
148
-
| 87 |**Keeper**| Linux | Default Creds + KeePass CVE | Request Tracker default creds, find user's KeePass info in notes, exploit CVE-2023-32784 KeePass memory dump for master password, extract SSH key |[0xdf](https://0xdf.gitlab.io/2024/02/10/htb-keeper.html), [IppSec](https://www.youtube.com/watch?v=0AafRQIaWmQ), [Medium](https://medium.com/@li_allouche/hack-the-box-keeper-writeup-56644dc6a55f)|
147
+
| 86 |**TwoMillion**| Linux | API IDOR + Command Injection + Kernel CVE | Reverse invite code API, register account, IDOR to make admin, command injection in VPN generate, OverlayFS CVE-2023-0386 for root |[0xdf](https://0xdf.gitlab.io/2023/06/07/htb-twomillion.html), [IppSec](https://www.youtube.com/watch?v=Exl4P3fsF7U), [Medium](https://medium.com/@onurinalkac/hack-the-box-two-million-writeup-c7f839e076f6), [threatninja](https://threatninja.net/hack-the-box-twomillion-machine-walkthrough-easy-difficulty/)|
148
+
| 87 |**Keeper**| Linux | Default Creds + KeePass CVE | Request Tracker default creds, find user's KeePass info in notes, exploit CVE-2023-32784 KeePass memory dump for master password, extract SSH key |[0xdf](https://0xdf.gitlab.io/2024/02/10/htb-keeper.html), [IppSec](https://www.youtube.com/watch?v=0AafRQIaWmQ), [Medium](https://medium.com/@li_allouche/hack-the-box-keeper-writeup-56644dc6a55f), [erichogue](https://erichogue.ca/2024/02/HTB/Keeper)|
149
149
| 88 |**CozyHosting**| Linux | Spring Boot Actuator + Command Injection | Leak session cookie from Spring Boot Actuator endpoints, command injection in SSH hostname field, crack PostgreSQL hash, sudo ssh for root |[cyberarri](https://cyberarri.com/2025/01/04/cozyhosting-htb-writeup/), [IppSec](https://www.youtube.com/watch?v=okTl6kWrncg), [Medium](https://medium.com/@johnniketas/hackthebox-cozyhosting-c6e5272e7090)|
150
150
| 89 |**Analytics**| Linux | Metabase Pre-Auth RCE + Docker Escape | Exploit Metabase CVE-2023-38646 pre-auth RCE for container shell, env variables reveal creds, OverlayFS CVE-2023-2640 for root on host |[0xdf](https://0xdf.gitlab.io/2024/03/23/htb-analytics.html), [IppSec](https://www.youtube.com/watch?v=p1NsQSGeDv0), [Medium](https://gxbnt.medium.com/analytics-hackthebox-walkthrough-a9008b2e7a4e)|
151
151
| 90 |**Devvortex**| Linux | Joomla Information Disclosure + RCE | Exploit Joomla CVE-2023-23752 to leak DB creds, access admin panel, template RCE for shell, apport-cli (CVE-2023-1326) for root |[dev.to](https://dev.to/mrtnsgs/hackthebox-writeup-devvortex-retired-1d42), [IppSec](https://www.youtube.com/watch?v=jdWOXokQQK0), [Medium](https://rianfriedt.medium.com/devvortex-writeup-hack-the-box-rian-friedt-a46ae2ab7886)|
@@ -162,7 +162,7 @@ permalink: /machines/easy/
162
162
| 94 |**Perfection**| Linux | SSTI via Regex Bypass + Hash Mask | Bypass regex filter with newline, exploit Ruby ERB SSTI for shell, crack password hash using mail-revealed format mask, sudo for root |[0xdf](https://0xdf.gitlab.io/2024/07/06/htb-perfection.html), [IppSec](https://www.youtube.com/watch?v=zcVCLoMsOKA), [Medium](https://medium.com/@jamesjarviscyber/perfection-hackthebox-walkthrough-management-summary-a493c71355ac)|
163
163
| 95 |**Headless**| Linux | Blind XSS + Command Injection | Steal admin cookie via blind XSS in User-Agent header, access dashboard, command injection for shell, syscheck sudo script for root |[Medium](https://medium.com/@ankitsinha81195_47457/htb-writeup-headless-67fd05b685b5), [IppSec](https://www.youtube.com/watch?v=FDCpJbS1OuQ)|
164
164
| 96 |**WifineticTwo**| Linux | OpenPLC Default Creds + WPS Pixie Dust | Login OpenPLC with default creds, upload PLC script for RCE, WPS Pixie Dust attack on WiFi, pivot to router for root |[Medium](https://medium.com/@jamesjarviscyber/wifinetictwo-hackthebox-writeup-management-summary-654c16eb5647)|
165
-
| 97 |**Usage**| Linux | Blind SQLi + Laravel-Admin Upload | Boolean-based SQLi in password reset leaks admin hash, Laravel-Admin CVE-2023-24249 file upload for shell, 7z wildcard file read for root |[0xdf](https://0xdf.gitlab.io/2024/08/10/htb-usage.html)|
165
+
| 97 |**Usage**| Linux | Blind SQLi + Laravel-Admin Upload | Boolean-based SQLi in password reset leaks admin hash, Laravel-Admin CVE-2023-24249 file upload for shell, 7z wildcard file read for root |[0xdf](https://0xdf.gitlab.io/2024/08/10/htb-usage.html), [erichogue](https://erichogue.ca/2024/08/HTB/Usage)|
166
166
| 98 |**BoardLight**| Linux | Dolibarr RCE + Enlightenment SUID | Exploit Dolibarr CVE-2023-30253 PHP injection for shell, find plaintext creds in config, exploit Enlightenment SUID CVE-2022-37706 for root |[cyberarri](https://cyberarri.com/2024/12/31/boardlight-htb-writeup/), [IppSec](https://www.youtube.com/watch?v=SM6OhymnMbg), [Medium](https://olivierkonate.medium.com/hackthebox-boardlight-8ff0e907d7b2)|
167
167
| 99 |**Crafty**| Windows | Minecraft Log4Shell RCE + Plugin Creds | Exploit Minecraft server Log4Shell (CVE-2021-44228) for shell, reverse engineer Java plugin to find RCON creds, RunAs for admin |[0xdf](https://0xdf.gitlab.io/2024/06/15/htb-crafty.html)|
168
168
| 100 |**PermX**| Linux | Chamilo LMS CVE + Symlink Sudoers | Exploit Chamilo CVE-2023-4220 unrestricted file upload for RCE, symlink /etc/sudoers via ACL script to add sudo ALL for root |[b0rgch3n](https://b0rgch3n.github.io/2024/07/18/writeup-hackthebox-permx/), [Medium](https://medium.com/@pk2212/htb-permx-writeup-walkthrough-df745737713b)|
0 commit comments