Machines - HTB

Explore and Learn

A collection of walkthroughs and insights for tackling challenges on Hack The Box. Explore different techniques and approaches to enhance your cybersecurity skills.

Walkthroughs and Techniques

WifineticTwo

WifineticTwo is a medium-difficulty Linux machine with OpenPLC on port 8080, vulnerable to Remote Code Execution (CVE-2021-31630). After gaining initial access, a WPS attack is executed to retrieve the Wi-Fi password for an Access Point. This enables targeting the OpenWRT router to obtain a root shell via its web interface.

Runner

Runner is a medium-difficulty Linux box with a TeamCity vulnerability (CVE-2023-42793) for authentication bypass. We extract matthew's credentials and john's SSH key, then access a Portainer instance with limited privileges. Finally, we exploit a runc vulnerability (CVE-2024-21626) to create a SUID bash file on the host.

Perfection

Perfection is an easy Linux machine with a web application for calculating student scores, vulnerable to Server-Side Template Injection (SSTI) via regex bypass. Exploiting this grants foothold access, and the user is in the sudo group. Enumeration reveals password hashes and a possible format. A mask attack uncovers the user's password, enabling root access.

Lame

Lame is an easy Linux machine, requiring only one exploit to obtain root access. It was the first machine published on Hack The Box and was often the first machine for new users prior to its retirement.

Cap

Cap is an easy Linux machine with an HTTP server for administrative functions, vulnerable to Insecure Direct Object Reference (IDOR). This allows access to another user’s network capture, revealing plaintext credentials for foothold access, which is escalated to root using a Linux capability.

BoardLight

BoardLight is a Linux machine with a vulnerable Dolibarr instance (CVE-2023-30253), granting www-data access. Extracting credentials from config files allows SSH access. Privilege escalation is achieved through a SUID binary (CVE-2022-37706), leading to root.

Cicada

Coming Soon!!!!

GreenHorn

GreenHorn is an easy machine exploiting Pluck for RCE and highlighting risks of pixelated credentials and exposed open-source configurations revealing sensitive data.

EvilCUPS

EvilCUPS is a Linux machine with a CUPS command injection vulnerability (CVE-2024-47176). It allows unauthenticated users to execute commands via a malicious printer, gaining "lp" user access and the root password from print jobs.

PermX

PermX is an easy Linux machine with a file upload vulnerability (CVE-2023-4220) for initial access. SSH credentials are found, and a sudo misconfiguration is exploited to gain root access.

Blue

Blue, while possibly the most simple machine on Hack The Box, demonstrates the severity of the EternalBlue exploit, which has been used in multiple large-scale ransomware and crypto-mining attacks since it was leaked publicly.

Legacy

Legacy is a fairly straightforward beginner-level machine which demonstrates the potential security risks of SMB on Windows. Only one publicly available exploit is required to obtain administrator access.