Introduction This write-up details my approach to solving the HackTheBox machine “Alert”. The box demonstrates several vulnerabilities including stored cross-site scripting (XSS), path traversal, ...

Introduction This write-up details my approach to solving the HackTheBox machine “Chemistry”. The box demonstrates multiple vulnerabilities including a CIF parser code execution vulnerability (CVE...

Introduction This write-up details my approach to solving the HackTheBox machine “Instant”. The box demonstrates several vulnerabilities including API authentication bypass, path traversal, and in...

Introduction This write-up details my approach to solving the HackTheBox machine “Cicada”. The box demonstrates typical Active Directory enumeration and exploitation techniques, including SMB shar...

Introduction This write-up details my approach to solving the HackTheBox machine “Trickster”. The box demonstrates several vulnerabilities including PrestaShop RCE (CVE-2024-34716), privilege esca...

Introduction This write-up details my approach to solving the HackTheBox machine “MonitorsThree”. The box demonstrates several vulnerabilities including SQL injection, exploitation of CVE-2023-288...

Introduction This write-up details my approach to solving the HackTheBox machine “Sightless”. The box demonstrates several common vulnerabilities including remote code execution (RCE) via CVE-2022...

TL;DR Sea is an engaging HackTheBox machine that showcases how chaining multiple vulnerabilities - from XSS to command injection - can lead to full system compromise. The path involves exploiting ...