Locked Posts All Locked Open Artificial - HTB Password Required An Easy-rated HTB box exploiting TensorFlow deserialization RCE to gain initial access, followed by backup abuse, pas... BigBang - HTB Open Access Exploitation of a WordPress and Grafana setup via leaked credentials, JWT abuse on a custom APK API, and command inje... Certificate - HTB Password Required Web-to-root HTB box featuring a ZIP upload bypass with null-byte injection, credential harvesting, shadow credential ... Cobblestone - HTB Password Required A web-focused HTB box leveraging SQL injection, and an exposed Cobbler XML-RPC API—leading to a chained privilege esc... Codetwo - HTB Password Required Initial access via █████ RCE on web app → SSH as █████ (cracked creds) → npbackup-cli → root Editor - HTB Password Required A misconfigured content system where user access leads to unexpected control. Environment HTB Open Access Initial foothold via broken remember-me parameter, preprod environment bypass, PHP webshell upload, GPG decryption fo... Era - HTB Password Required Blind RCE through a custom file reader and AV evasion attempts via binary replacement. Expressway - HTB Password Required Compromised Expressway HTB from VPN user to root via IKEv1 PSK and Sudo privilege escalation Fluffy - HTB Open Access Initial access via SMB creds, BloodHound enumeration, NTLMv2 cracking, shadow credentials, and Administrator via cert... Guardian - HTB Password Required A university portal with weak authentication and insecure web features leads to account takeover, chained into exploi... Imagery - HTB Password Required From XSS to cookie theft, LFI for secrets, then abusing ImageMagick injection and a custom backup utility for root. Mirage - HTB Password Required Windows AD lab with misconfigurations across DNS, LDAP, and certificate services, leading to full domain compromise. Outbound - HTB Password Required nitial foothold via Roundcube exploit, user access through decrypted IMAP creds, and root via sudo misconfiguration i... Planning - HTB Open Access Initial access via admin credentials, exploit of vulnerable Grafana service, enumeration of Docker and environment va... Previous - HTB Password Required Enumeration of a Next.js application leads to sensitive information disclosure and misuse of Terraform for privilege ... Puppy - HTB Open Access Active Directory attack chain on Puppy involving BloodHound analysis, GenericWrite abuse, KeePass file cracking, and ... Rustykey - HTB Password Required Full Active Directory exploitation on Rusty Key from initial access to domain admin. Includes SPN cracking, AddSelf a... Sorcery -HTB Password Required A brutal, multi-layered HTB box featuring Cypher injection, Docker abuse, custom CA phishing, Kafka RCE, and FreeIPA ... Soulmate - HTB Password Required Compromising a matchmaking webapp through CrushFTP auth bypass and chaining Erlang's remote shell for privilege escal... Tombwatcher - HTB Password Required Initial access with user credentials, SPN abuse via targetedKerberoast, GMSA password read, cross-user escalation, ac... Voleur - HTB Password Required Full Domain Compromise via DPAPI Credential Theft and AD Dump WhiteRabbit - HTB Password Required Full walkthrough of WhiteRabbit HTB box involving vhost enumeration, SQLi via HMAC signature spoofing, restic backup ... DarkZero - HackTheBox Writeup Password Required An Active Directory–based pentest scenario involving MSSQL pivoting, Kerberos abuse, and privilege escalation via CVE...