Why lambda htb writeup. Mar 23, 2025 · Attribution-NonCommercial-ShareAlike 4.

Why lambda htb writeup. Posted by xtromera on April 03, 2025 · 40 mins read Oct 10, 2011 · HTB-Mailing-Writeup-Walkthrough @EnisisTourist In this writeup, we delve into the Mailing box, the first Windows machine of Hack The Box’s Season 5. GenericWrite permission on MANAGEMENT_SVC@CERTIFIED. Jul 18, 2022 · Time for another writeup on this totally well maintained blog 👀. Sep 20, 2024 · Welcome to this WriteUp of the HackTheBox machine “Mailing”. Pretty much every step is straightforward. During the lab, we utilized some crucial and cutting-edge tools to enhance our Penetration… LazyHackers. TO GET THE COMPLETE IN-DEPTH PICTORIAL WRITEUP RIGHT NOW, SUBSCRIBE TO THE NEWSLETTER! Sep 29, 2024 · Summary:SolarLab is a medium-difficulty machine on HackTheBox that begins with anonymous access to SMB shares, revealing sensitive data Welcome to the HTB-Writeups repository! This project serves as a bilingual index of Hack The Box write-ups, featuring both machine and challenge walkthroughs published on Medium. More than 100 million people use GitHub to discover, fork, and contribute to over 420 million projects. Mar 23, 2025 · Attribution-NonCommercial-ShareAlike 4. trick. Writeup for the Dashboarded challenge from HTB's Business CTF 2025. Jul 27, 2021 · HTB Business CTF 2021 - Theta writeup 27 Jul 2021 Theta was a challenge at the HTB Business CTF 2021 from the ‘Cloud’ category. To get an initial shell, I’ll exploit a blind SQLI vulnerability in CMS Made Simple to get credentials, which I can use to log in with SSH. HTB Writeups 🛡️ This repository contains a collection of writeups for machines on the Hack The Box platform. HTB. We would like to show you a description here but the site won’t allow us. From there, we accessed the Flask app’s source code, extracted database credentials, dumped the Writeups for Hack The Box machines/challenges. 123 for this writeup). A short summary of how I proceeded to root the machine: leaking the hMailServer configuration file obtained the password hash from Nov 23, 2021 · HTB 2021 Uni CTF Quals - Epsilon writeup Tue, Nov 23, 2021 Medium Cloud TLDR Port 80 exposed a git repository Downloading it revealed the AWS credentials and the use of lambda functions The lambda function contains code with a JWT secret You can forge the authentication cookie with the JWT secret to login into the port 5000 website There is a Server Side Template Injection in the /order Oct 5, 2024 · InfoSec Write-ups HTB | Editorial — SSRF and CVE-2022–24439 anuragtaparia Follow 4 min read Jul 15, 2025 · Description 60 pts, Hard Web Written by MasterSplinter Static Analysis The challenge/backend/model. Mar 30, 2025 · WRITEUP COMING SOON! COMPLETE IN-DEPTH PICTORIAL WRITEUP OF CODE ON HACKTHEBOX WILL BE POSTED POST-RETIREMENT OF THE MACHINE ACCORDING TO HTB GUIDELINES. Notes and reports from HTB boxes. This was a straight-forward box featuring using a public exploit against CMS Made Simple that exploits a SQL injection vulnerability, leading to A template for my Hack The Box CTF writeups using pandoc and the pandoc latex template. 0: 1341: August 5, 2021 : Official Substandard Optimization Discussion. Upon opening the page you see that the index has nothing more than a bunch of images and text messages, but in the navigation bar you see that there is a dashboard and a try section. A step-by-step write-up on how to approach this boot2root challenge, recon, research vulnerabilities, exploit and perform post-exploitation of a Linux server running a vulnerable CMS web application (SPIP 4). Let’s go! Nov 8, 2023 · Ethical hacking case study, Penetration testing findings, HTB box analysis, Vulnerability assessment report, HTB answers, Cybersecurity testing insights, Hack The Box report, Penetration tester Write-Ups, Tools and Scripts for Hack The Box. I tested from port 1 to 9999 and only the response from port 5000 was a little less than the others. This arrangement is reminiscent of a deserialisation attack. xlsx file containing user information such as Dec 12, 2020 · Write-Ups for HackTheBox. Description It looks like the AI hype has reached further than we thought. The website redirected to titanic. It was a fun… Writeup of the Why Lambda challenge from Hackthebox - Milestones - Waz3d/HTB-WhyLambda-Writeup In here I post the writeups of my favourites CTF challenges that I manage to solve. Jul 29, 2021 · Starting for this challenge with scanning the open port in the host. A recommendable way to move from easy to medium Oct 10, 2010 · Walkthrough for the HTB Writeup box. Neither of the steps were hard, but both were interesting. models. Nov 5, 2021 · Why Lambda 2 minute read To some people, lambda may seem like syntax sugar, but it is more than that. About HTB (HackTheBox) write-ups and solutions for various challenges and machines, including CTF challenges in AI, Blockchain, Crypto, Hardware, OSINT, and Web categories. htb Then access it via the browser, it’s a system monitoring panel. Practice your ethical hacking skills with HTB challenge flag format. Each writeup documents the methodology, tools used, and step-by-step solutions for solving Sherlock challenges, enabling you to enhance your skills in forensic analysis and incident response. htb to your /etc/hosts configuration file ), we see an portal, hmm let’s take a pause and think for a while, in order to get the message from title page, we need to perform some attack, we can go down the rabbit hole Apr 27, 2025 · Actuator CTF Eureka heapdump HTB Java JDumpSpider linux microservice MITM Password Reusing pspy service cluster Sprint Boot Tomcat writeup 5 Zephyr htb writeup - htbpro. Posted by xtromera on September 12, 2024 · 10 mins read Well the write ups comes in handy while doing pen testing and preparing for certs, and for me it was a pain, because every time i remember a vulnerability from a box on HTB, then i login into HTB and get the writeup for the box which is annoying tbh. TO GET THE COMPLETE IN-DEPTH PICTORIAL WRITEUP RIGHT NOW, SUBSCRIBE TO THE NEWSLETTER! May 15, 2024 · First off, I put the IP address in the ‘etc/hosts’ file along with the domain names for ports 80 (solarlab. Certified HTB Writeup | HacktheBox Achieved a full compromise of the Certified machine, demonstrating the power of leveraging misconfigurations and services in AD environments. In this latest article, I am sharing a very detailed and comprehensive walkthrough of HTB Business CTF 2024 's Fullpwn challenge " Submerged ". Oct 10, 2011 · ERA HTB Writeup | HacktheBox | Season 8 Platform: HackTheBox Difficulty: Intermediate Focus: Enumeration, IDOR, SSRF, FTP Exploitation, Privilege Escalation 📌 Overview The Era machine is a great example of a vulnerable system with multiple chained exploits. June 24, 2021 - Posted in HTB Writeup by Peter. Jan 25, 2024 · Man in the Middle is a Hack The Box challenge that involves analyzing a bluetooth capture to find the flag. 2: 3291: November 1, 2021 Writeup of the Why Lambda challenge from Hackthebox - Activity · Waz3d/HTB-WhyLambda-Writeup Writeup of the Why Lambda challenge from Hackthebox - Pull requests · Waz3d/HTB-WhyLambda-Writeup Writeup of the Why Lambda challenge from Hackthebox - Issues · Waz3d/HTB-WhyLambda-Writeup Mar 10, 2024 · Found: domaindnszones. This walkthrough is now live on my website, where I detail the entire process step-by-step to help others understand and replicate similar scenarios during penetration testing. Sep 10, 2023 · So this is my write-up on one of the HackTheBox machines called Trick. " " Challenges are bite-sized applications for different pentesting techniques. Contribute to babbadeckl/HackTheBox-Writeups development by creating an account on GitHub. It had a very interesting path to root, which was tricky to spot but fun to exploit Jul 21, 2025 · BlockBlock HTB writeup Walkethrough for the BlockBlock HTB machine. planning. Those keys get access to lambda functions which contain a secret that is reused as the secret for the signing of JWT tokens on the site. Kyle Waltersincluded in Draft 2025-02-19 About 4000 words 19 minutes Contents Introduction Before we begin Preflight Checklist Advice and Other Thoughts Steps to user. 250 internal. Help! One of our red teamers has captured something… Jan 20, 2024 · HTB Why Lambda Writeup Why Lambda is a Hack The Box challenge involving machine learning and XSS. More than 150 million people use GitHub to discover, fork, and contribute to over 420 million projects. So I looked into vue XSS examples and all showed just v-html as the equivalent of innerHTML. Jun 20, 2024 · Here is a walk through of the HTB machine Writeup. This machine is quite easy if you just take a step back and do what you… Apr 29, 2025 · I’ve just completed the Why Lambda challenge on Hack The Box! 🧠 An interesting challenge that tested my understanding of serverless logic and function behaviors. May 29, 2024 · App has backend in flask and front in vue. It definitely helped to introduce me to basic web enum skills without relying on scripts, exploit finding and local privilege escalation. load_model(). " They are similar to traditional CTF-style tasks. Whether you're an ethical hacker, infosec enthusiast, or pentester, you'll find practical guides, tools, and insights to level up your skills. Jun 18, 2025 · Argon CA certifiate code review Cypher Injection DNS poisoning Dnsmasq Docker Credential Helper Docker Registry Free IPA ftp gitea HTB Kafka Kerberos ldap Mailhog Next. Welcome to Code, the HTB box GitHub is where people build software. Gitea Enumeration If we check the official documentation of Gitea on How to install with Docker, we will see some discrepancies compared to the one from Titanic. HTB: MANAGEMENT@CERTIFIED. This detailed walkthrough covers the key steps and methodologies used to exploit the machine and gain root access. For this reason, we have asked the HTB admins and they have given us a pleasant surprise: in the future, they are going to add the ability for users to submit writeups directly to HTB which can automatically be unlocked after owning a machine. When bot -> XSS. In this box, I’ll start by finding an exposed git repo on the webserver, and use that to find source code for the site, including the AWS keys. in is your go-to blog for everything cybersecurity. 11. Jun 2, 2023 · Hi, in this writeup i will write about how i solve Behind the Scenes challange on hackthebox academy reverse engineering category. Contribute to cloudkevin/HTB-Writeup development by creating an account on GitHub. Let’s explore how to tackle the challenges presented by Mailing. Contribute to 1Birdo/HTB-writeup development by creating an account on GitHub. Each writeup details the methodology used, tools applied, and personal reflections on the lessons learned. keras. htb). other web page The “ Analyze Log File ” feature allows access to log files with root permissions. htb Found: forestdnszones. Imagine we have a function that takes a list of Int and returns a list of even number. After scanning the target, I found that ports 22 (SSH) and 80 (Apache) were open. Dec 22, 2023 · Taking a closer look the site’s source code, the first thing that stood out to me was that the “complaints reporting” part was managed by a bot. Oct 10, 2011 · Sightless HTB writeup Walkethrough for the Sightless HTB machine. Jan 21, 2024 · Why Lambda is a Hack The Box challenge involving machine learning and XSS. Oct 12, 2019 · Writeup starts off easy with an unauthenticated vulnerability in CMS Made Simple that I exploit to dump the database credentials. Explore the fundamentals of cybersecurity in the Faraday This writeup simplifies key concepts, making them accessible for players of all levels. The app has a bot and its password is ungettable afaik. I came across 2 weeks ago 4. When we try this command we get a ton of unnecessary output, we can filter the output by using the -fs option to filter the size of the Writeup of the Why Lambda challenge from Hackthebox - Waz3d/HTB-WhyLambda-Writeup [CCE 2024 Qual] ccend write-up주말에 지인분들과 CCE를 나갔습니다작년에는 한문제도 못풀었는데 ㅎㅎ 팀원들이 다 웹이 주분야여서 이번 목표는 웹 다 풀어보자!!! Writeup of the Why Lambda challenge from Hackthebox - Waz3d/HTB-WhyLambda-Writeup Writeup of the Why Lambda challenge from Hackthebox - Waz3d/HTB-WhyLambda-Writeup Oct 12, 2019 · Writeup was a great easy box. htb ``` Adding these as well to our /etc/hosts echo '10. 3K ERA HTB Writeup | HacktheBox | Season 8 Platform: HackTheBox Difficulty: Intermediate Focus: Enumeration, IDOR, SSRF, FTP Exploi Aug 26, 2024 · ssh -v -N -L 8080:localhost:8080 amay@sea. py script, as is often the case in this type of challenges. Writeups for all the HTB machines I have done. _msdcs. The box was centered around common vulnerabilities associated with Active Directory. Contribute to d3nkers/htb-writeup development by creating an account on GitHub. Unleashing the Magic: Predicting HackTheBox Season 8 Week 6 - Artificial (Easy Linux Challenge) htb-writeup 🔍 Overview Hack The Box just released a new Linux machine titled "Artificial", rated Easy and worth 20 points. htb”, we add this to our /etc/hosts and navigate to the newly found domain. No volumes are explicitly defined, so MySQL stores its data in the default container path. Jul 15, 2025 · The author explained that a Lambda layer can be introduced in the model to cause RCE when the model is saved then loaded using tensorflow. Simply great! Mar 28, 2025 · Introduction screen for “Writeup” Machine About Writeup Writeup is an easy difficulty Linux box with DoS protection in place to prevent brute forcing. htb domaindnszones. test log_file Follow Archive Bug Bounty Write-up Submissions IW Ambassadors Weekly News Letter Nov 3, 2024 · This allows for a potential escalation to MANAGEMENT@CERTIFIED. The initial foothold was obtained by embedding a reverse shell code inside a Lambda layer and exploiting the backend’s behavior which loads these models without sandboxing. As of now, my main goal is to verticalize my skills on the Web Security sector, as part of my affort to maybe, one day, join TeamItaly. May 29, 2024 · HTB - Why Lambda - web - hard 29 May 2024. The challenge is rated as Hard, and is an example of chaining multiple vulnerabilities to hack a web application. xyz. - d0n601/HTB_Writeup-Template AWS penetration testing: a step-by-step guide Christian Becker, Advanced Attack Simulation Specialist at Y-Sec, shares essential techniques and tools for AWS pentesting. Each walkthrough is designed to provide insights into the techniques and methodologies used to solve complex cybersecurity puzzles. 123 The ping responds, confirming the machine is alive. While interacting with the booking form, I discovered a path traversal vulnerability in the /download endpoint, allowing me to read sensitive files Learning is much better with friends, I would highly recommend finding people around the same skill level that also enjoy doing similar things. Nov 8, 2022 · We managed to find a subdomain, “preprod-payroll. Please do not post any spoilers or big hints. htb forestdnszones. 10. txt Enter Encrypt again Dec 3, 2024 · I enjoy being light-hearted and concise in these writeups, but make sure to check out the end where I go over how organizations can mitigate the threats outlined in this lab. May 16, 2024 · In this walkthrough, I demonstrate how I obtained complete ownership of SolarLab on HackTheBox May 15, 2025 · Change the approach and enumerate subdomains, discovering grafana. {"payload":{"allShortcutsEnabled":false,"fileTree":{"stacked":{"items":[{"name":"write-up-stacked. Each solution comes with detailed explanations and necessary resources. 60 -F 表示 hacking cybersecurity ctf-writeups pentesting ctf htb hackthebox hackthebox-writeups htb-writeups ctf-walkthroughs htb-walkthroughs hackthebox-walkthroughs Updated on Jul 6 TypeScript May 11, 2025 · cron crontab CTF CVE-2024-9264 Grafana hackthebox HTB linux RCE Swagger writeup 5 Previous Post HTB Writeup – Environment Jan 16, 2025 · Explore the ALERT challenge walkthrough on HTB, featuring step-by-step instructions for vulnerability assessment and exploitation techniques by Anandhu Suresh. Jun 24, 2025 · Summary (How?) Artificial is a machine with a web interface that allows to upload and execute TensorFlow . In this write-up, we will dive into the HackTheBox seasonal machine Editorial. On further inspection, the application also provides a mechanism to load a pretrained model via the POST /api/internal/model endpoint. To interact with the target, I connect to the HTB VPN using OpenVPN: sudo openvpn my_vpn. py file provides an example of training and saving a Keras ML model in a h5 format. md","path":"stacked/write-up-stacked. This is my writeup for the challenge. After cracking the user hash, I can log in to the machine because the user re-used the same password for SSH. HTB has GenericWrite permission over the MANAGEMENT_SVC account. htb) and 6791 (report. Contribute to alvaroogs013/WriteUp-HTB-Editorial development by creating an account on GitHub. It is a Linux machine on which we will carry out a SSRF attack that will allow us to gain access to the system via SSH. May 6, 2025 · The machine’s IP address is assigned by HTB (let’s assume 10. Contribute to mzfr/HackTheBox-writeups development by creating an account on GitHub. More info about the structure of HackTheBox can be found on the HTB knowledge base. There’s a good chance to practice SMB enumeration. solarlab. Why lambda htb writeupWhy lambda htb writeup Why lambda htb writeup. Jul 6, 2022 · Then we will get access to lambda functions that contain the information we need to create a valid JWT to log in the website. It’s a mode that should help us solve the machine with some greater ease. A short summary of how I proceeded to root the machine: through smb find a . Now, let’s dig deeper. Dive into detailed write-ups on Hack The Box machines, AI in security, AWS pentesting, red teaming strategies, web app and WiFi hacking, network penetration testing, and more. Mar 7, 2024 · Writeup for the Hack The Box Season 4 Machine Perfection [Easy] Read stories about Htb Writeup on Medium. Because of this goal of mine, i will not share writeups of challenges which I solved together with the team of srdnlen, as those are always a result of great group effort Oct 27, 2024 · This is a writeup for the medium difficulty retired Linux machine Epsilon, which features AWS hacking for Lambda functions. Feb 16, 2025 · The MySQL server is only accessible from localhost (host-only binding). Using naabu, I get only port 22 and 4566 open. I competed with the ITSEC Asia team, and we ended up securing 16th place out of 795 companies. So let’s get into it!! Welcome to the HTB Sherlocks Writeups repository! This collection contains detailed writeups for Digital Forensics and Incident Response (DFIR) challenges on Hack The Box (HTB). htb' | sudo tee -a /etc/hosts . This box is similar to the Legacy box in that it’s pretty easy to hop into. The script spawns a Puppeteer instance to visit the page containing our report. Explore the fundamentals of cybersecurity in the Vintage Capture The Flag (CTF) challenge, a hard-level experience! This straightforward CTF writeup provides insights into key concepts with clarity and simplicity, making it accessible for players at this level. After enumerating the address with gobuster we Jun 1, 2025 · Active Directory AD CS CA private key certificate certipy certutil CRA ESC3 ESC7 GoldenCert Attack hackthebox HTB Kerberos MachineKeys NTML pcap RCE SeManageVolumePrivilege SQL Dump upload bypass windows wireshark writeup ZIP Concatenation 7 HTB Writeup – Fluffy Next Post Dec 5, 2024 · Task 2: What is the title of the page that comes up if the site detects an attack in the contact support form? We visit the website on port 5000 (as always add the host headless. ovpn Once connected, I verify connectivity by pinging the target: ping -c 4 10. md","contentType":"file About Official Writeups for HackTheBox Business CTF 2025: Operation Blackout GitHub is where people build software. analysis. HTB - Writeup I'll be using this blog to post Hackthebox writeups, among other projects that I'm working on Writeup was one of the first boxes I did when I joined Hackthebox. If you have to repeat some codes with minor modification, you can leverage on the power of lambda. Doing further enumeration, this took a while and can be used with more threads ``` Jun 1, 2025 · In this writeup, I’ll walk you through all the cloud challenges from HTB Business CTF 2025. The priv esc is pretty nice: I have write access to /usr/local and I can write a binary payload in there that gets executed by run-parts when I SSH in Blurry is an interesting HTB machine where you will leverage the CVE 2024-24590 exploit to pop a reverse shell in order to escalate your privileges within the local system. 0 International backup Code code review CTF hackthebox HTB linux object-oriented introspection chains ORM python code editor Python Sandbox Escape python subclasses RCE SQLAlchemy writeup 9 Mar 7, 2024 · This box was rated very easy and is found under the starting point boxes in the lab section of HTB This box was very interesting it was the first box that I every attempted that had cloud aspects Capture hidden flag in HackTheBox (HTB) Type Expetions with our software engineer's walkthrough. Apr 1, 2024 · Today we are jumping into the Season 4 Easy Box — Headless Headless was an interesting box… an nmap scan revealed a site running on port 5000. Let’s take a look at an example. I was just exploring and I saw there’s a fortress by created by AWS and as I have some cloud background, thought it would be good to test my Cloud Jul 12, 2024 · Before you start reading this write up, I’ll just say one thing. May 25, 2023 · Responder is the number four Tier 1 machine from the Starting Point series on the Hack The Box platform. Aug 7, 2024 · Note: this is the solution so turn back if you do not want to see! Note: I read the forum and other websites for help HAHAHA tks guys! Firstly, reading the story and noting down some key points This writeup includes a detailed walkthrough of the machine, including the steps to exploit it and gain root access. txt Organization Port Scanning (using nmap) TCP Port Scan UDP Port Scan Service Enumeration Enumerating Apache HTTPD (80 TCP) Steps to root. Contribute to Kyuu-Ji/htb-write-up development by creating an account on GitHub. On the login page, I found the Grafana version number Grafana v11. Jun 23, 2025 · Hack The Box - HTB Artificial Writeup - Easy - Season 8 Weekly - June 21st, 2025 In a dance of code and chaos, a mindful exploration unwraps hidden paths—from the first nmap whispers to the deserialization of a misdirected TensorFlow model—revealing the inherent beauty and impermanence in every vulnerability, and the art of transforming weakness into root power. May 6, 2025 · [HTB] 靶机学习（二）TheFrizz 概要 学习hackthebox的第二天，本人为初学者，将以初学者的角度对靶机渗透进行学习，中途可能会插入一些跟实操关系不大的相关新概念的学习和解释，尽量做到详细，不跳步，所以也会有理解不正确的地方，欢迎大佬们提出指正 信息收集 nmap - sC - sV -F 10. htb, which I added to /etc/hosts. Insider was an exploit challenge during the 2022 Business CTF from HackTheBox named DirtyMoney. With Writeup of the Why Lambda challenge from Hackthebox - Releases · Waz3d/HTB-WhyLambda-Writeup Mar 19, 2022 · HTB: Stacked hackthebox ctf htb-stacked nmap localstack feroxbuster wfuzz vhosts docker docker-compose xss burp burp-repeater xss-referer aws awslocal aws-lambda cve-2021-32090 command-injection pspy container htb-crossfit htb-bankrobber htb-bucket htb-epsilon oswe-like oscp-plus-v2 Aug 5, 2021 · Topic Replies Views Activity; About the Challenges category. HTB Business CTF 2024 — Submerged Mar 30, 2025 · WRITEUP COMING SOON! COMPLETE IN-DEPTH PICTORIAL WRITEUP OF HAZE ON HACKTHEBOX WILL BE POSTED POST-RETIREMENT OF THE MACHINE ACCORDING TO HTB GUIDELINES. 0 International AI Artificial Backrest CTF hackthebox HTB linux LM Model RCE Tensorflow writeup 23 HTB Writeup – Sorcery Next Post HTB Writeup – RustyKey Axura We would like to show you a description here but the site won’t allow us. The user is found to be in a non-default group, which has write access to part of the PATH. After some testing, we find that modifying the “ log_file ” parameter enables arbitrary file reading. This challenge involved exploiting a SSRF vulnerability in an AWS app and some simple post-exploitation techniques. Recon & identifying the service After we spawned the container for this challenge we got an IP and a port (4566). GenericWrite permission typically allows an attacker to modify the account’s properties, including the password or login script. This box uses ClearML, an open-source machine learning platform that allows its users to streamline the machine learning Sep 9, 2024 · For this Hack the Box (HTB) machine, techniques such as Enumeration, user pivoting, and privilege escalation were used to obtain both the… Dec 8, 2018 · Active was an example of an easy box that still provided a lot of opportunity to learn. 0 (83b9528bce). 0. Jun 1, 2025 · If you’ve ever yelled at a backup script, threatened to symlink your way to glory, or cried because /root just wouldn't budge, congratulations — you're one of us. A CMS susceptible to a SQL injection vulnerability is found, which is leveraged to gain user credentials. Aug 23, 2024 · This is a walkthrough of the Why Lambda Hack The Box challenge. In Beyond Root Writeup of the Why Lambda challenge from Hackthebox - Waz3d/HTB-WhyLambda-Writeup Mar 10, 2022 · Epsilon originally released in the 2021 HTB University CTF, but later released on HTB for others to play. js OTP Passkey phishing RCE reversing Rocket Framework Rust Sorcery SSRF SSSD strace WebAuthn writeup X Virtual Framebuffer XSS Xvfb 13 Previous Post HTB Writeup – TombWatcher Dec 2, 2021 · Write-ups of challenges solved in HTB University CTF 2021 (Quals) as a part of team JH4CK. By Feb 15, 2025 · TL;DR This writeup is based on the Titanic machine, an easy-rated Linux box on Hack The Box. Feb 19, 2025 · A guide to completing the Titanic HackTheBox machine. htb, which is a monitoring web page. HTB-WhyLambda-Writeup Let's begin by looking at what the web application let you do. Check it out to learn practical techniques Jun 22, 2025 · Attribution-NonCommercial-ShareAlike 4. Welcome to my collection of Hack The Box & Cyber Defenders walkthroughs! This repository contains detailed step-by-step guides for various HTB challenges and machines. At the Beginning the machine provides us with some credentials admin/0D5oT70Fq13EvB5r with no other details. Oct 2, 2024 · Welcome to this WriteUp of the HackTheBox machine “SolarLab”. And also, they merge in all of the writeups from this github page. Nov 22, 2024 · That’s why I used Intruder to see if the response of one port was different from others. htb gc. Oct 2, 2021 · CAP is an easy and a very interesting machine, especially if you visit HTB after a very long time. Apr 6, 2025 · A complete writeup of the Ghost machine on HackTheBox. The one from Titanic: GitHub is where people build software. It involved a unsecured AWS Lambda service that could be exploited in order to obtain code execution on the server the service was running on. Discover smart, unique perspectives on Htb Writeup and the topics that matter most to you like Htb, Htb Walkthrough, Hackthebox, Cybersecurity, Hacking Apr 30, 2024 · Today we tackle a medium difficulty HTB machine in the guided mode. Jun 14, 2023 · GitHub is where people build software. Oct 6, 2023 · Official discussion thread for Why Lambda. Feel free to explore the writeup and learn from the techniques used to solve this HacktheBox machine. As the professionals we are we forgot to take a screenshot of Oct 10, 2011 · Write Up for Hack The Box "Editorial" machine. Using the account information provided in the question admin / 0D5oT70Fq13EvB5r, I found that I could log into the backend. From there, I’ll abuse access to the staff group to write code to a path that’s running when someone SSHes into the box, and SSH in to trigger it. h5 model files. If you're looking for friends to solve boxes with, our Discord Community is full of people at all skill levels. Boxes can host different Operating Systems; Linux, Windows, FreeBSD, and more. In this box, we explored and learned the following: 🔍 Directory brute-forcing to uncover hidden paths Explore the fundamentals of cybersecurity in the Certified Capture The Flag (CTF) challenge, a medium-level experience! This straightforward CTF writeup provides insights into key concepts with clarity and simplicity, making it accessible for players at this level. A path hijacking results in escalation of Jun 23, 2025 · “Persistence is the payload that always executes. It also gives the opportunity to use Kerberoasting against a Windows Domain, which, if you’re not a pentester, you may not have had the chance to do before. ” Why I decided this? So I am active in season 8 of HTB for the first time and while exploring I reach to the Hacker rank, (my HTB Profile), and HTB Fortresses are unlocked at this rank. The best channels for this are under the "HTB: Platform" section, where there are specific places to talk about each type of challenge Apr 1, 2025 · HackTheBox — Planning (Writeup) HTB Planning is an easy Linux machine that highlights an RCE on Grafana, a container escape, and privilege escalation via a cronjobs… Mar 27, 2025 · FreeBuf,国内领先的网络安全行业门户,同时也是爱好者们交流与分享安全技术的社区。 May 17, 2025 · Hack The Box “Planning” Walkthrough. WhiteRabbit HTB Writeup | HacktheBox HTB: WhiteRabbit – Season 7 Walkthrough Summary WhiteRabbit was the final machine of Hack The Box Season 7, and it delivered a solid mix of enumeration, exploitation, and privilege escalation techniques. nawqntn vjjc poh citrc eyz mczqgl jrxfc zsooy flsgp ewbzkyi

26th Apr 2024