Writeups from HackTheBox machines I worked through while preparing for the OSCP certification. Each one covers reconnaissance, exploitation, and privilege escalation.
OSCP Prep
A collection of HackTheBox machine writeups completed during OSCP preparation.
Optimum
31 Jul 2024
HackTheBox Optimum machine writeup.
Cybersecurity
Forest
31 May 2024
HackTheBox Forest machine writeup. AS-REP Roasting, BloodHound path, DCSync to Domain Admin.
Cybersecurity
Conceal
29 May 2024
HackTheBox Conceal machine writeup. SNMP leaks IKE VPN PSK, IPsec tunnel setup, ASP webshell, JuicyPotato SYSTEM.
Cybersecurity
Active
27 May 2024
HackTheBox Active machine writeup. GPP password decryption + Kerberoasting to Domain Admin.
Cybersecurity
Magic
25 May 2024
HackTheBox Magic machine writeup. SQL injection login bypass, double-extension PHP webshell upload, SUID binary PATH hijacking.
Cybersecurity
Grammy
24 May 2024
HackTheBox Granny machine writeup. IIS 6.0 WebDAV MOVE method bypass + Token Kidnapping privilege escalation.
Cybersecurity
Brainfuck
22 May 2024
HackTheBox Brainfuck machine writeup. WordPress auth bypass, SMTP credentials pivot, Vigenère cipher, RSA root flag.
Cybersecurity
Shocker
21 May 2024
HackTheBox Shocker machine writeup. ShellShock (CVE-2014-6271) via CGI bash script, sudo perl privesc.
Cybersecurity
Lame
19 May 2024
HackTheBox Lame machine writeup. Samba 3.0.20 username map script RCE and distcc CVE-2004-2687.
Cybersecurity
FriendZone
17 May 2024
HackTheBox FriendZone machine writeup. DNS zone transfer, SMB credentials, LFI via pagename parameter, Python library hijacking.
Cybersecurity
Legacy
16 May 2024
HackTheBox Legacy machine writeup. Windows XP with SMBv1 — MS08-067 and EternalBlue exploits.
Cybersecurity
Jerry
14 May 2024
HackTheBox Jerry machine writeup. Apache Tomcat with default credentials, WAR file upload to SYSTEM.
Cybersecurity