Category hackthebox

swagshop @ hackthebox. 5 mins to root.

  1. magento is vulnerable to
    adjust exploit settings so target url contains index.php/
  2. user.txt is at /home/h***s/user.txt
  3. get app/etc/local.xml...
Read More

tips for onetwoseven from hackthebox

  1. no need to wfuzz or dirbust anything.
  2. sftp access is chrooted, while httpd’s is not. both services are able to create and follow symlinks.
  3. /etc/passwd,...
Read More

craft @ hackthebox, walktrhough-style

craft from is an easy machine with couple of interesting technologies implemented. needs a little bit RTFM’ing for rooting. Enjoy 🙂

...Read More

tips for flujab from hackthebox

after getting root i finally can take off my clown suit and post some tips and hints for hackthebox flujab box.

initial foothold:

Read More

Help VM from Hackthebox tips and almost walkthrough

this post is about help vm from

  1. wfuzz’ing helps 🙂 with help. it will reveal a piece of vulnerable support software there...
Read More

friendzone @ hackthebox, walkthrough-style

hack the friendzone

some tips and hints for hackthebox’s friendzone machine. walkthrough-style.

  1. doing a standard nmap scan, you can see a coupl...
Read More

Curling from Hackthebox tips and hints

Some tips and hints for Curling VM 

Quite easy and interesting machine...

Read More