Locked Posts

Artificial - HTB (Password Required): An Easy-rated HTB box exploiting TensorFlow deserialization RCE to gain initial access, followed by backup abuse, pas...
BigBang - HTB (Open Access): Exploitation of a WordPress and Grafana setup via leaked credentials, JWT abuse on a custom APK API, and command inje...
Certificate - HTB (Password Required): Web-to-root HTB box featuring a ZIP upload bypass with null-byte injection, credential harvesting, shadow credential ...
Environment HTB (Open Access): Initial foothold via broken remember-me parameter, preprod environment bypass, PHP webshell upload, GPG decryption fo...
Fluffy - HTB (Open Access): Initial access via SMB creds, BloodHound enumeration, NTLMv2 cracking, shadow credentials, and Administrator via cert...
Mirage - HTB (Password Required): Windows AD lab with misconfigurations across DNS, LDAP, and certificate services, leading to full domain compromise.
Outbound - HTB (Password Required): Initial foothold via Roundcube exploit, user access through decrypted IMAP creds, and root via sudo misconfiguration i...
Planning - HTB (Open Access): Initial access via admin credentials, exploit of vulnerable Grafana service, enumeration of Docker and environment va...
Puppy - HTB (Open Access): Active Directory attack chain on Puppy involving BloodHound analysis, GenericWrite abuse, KeePass file cracking, and ...
Rustykey - HTB (Password Required): Full Active Directory exploitation on Rusty Key from initial access to domain admin. Includes SPN cracking, AddSelf a...
Sorcery - HTB (Password Required): A brutal, multi-layered HTB box featuring Cypher injection, Docker abuse, custom CA phishing, Kafka RCE, and FreeIPA ...
Tombwatcher - HTB (Password Required): Initial access with user credentials, SPN abuse via targetedKerberoast, GMSA password read, cross-user escalation, ac...
Voleur - HTB (Password Required): Full Domain Compromise via DPAPI Credential Theft and AD Dump
WhiteRabbit - HTB (Password Required): Full walkthrough of WhiteRabbit HTB box involving vhost enumeration, SQLi via HMAC signature spoofing, restic backup ...
Era - HTB (Password Required): Blind RCE through a custom file reader and AV evasion attempts via binary replacement.
Editor - HTB (Password Required): A misconfigured content system where user access leads to unexpected control.
Cobblestone - HTB (Password Required): A web-focused HTB box leveraging SQL injection and an exposed Cobbler XML-RPC API—leading to a chained privilege esc...
Codetwo - HTB (Password Required): Initial access via █████ RCE on web app → SSH as █████ (cracked creds) → npbackup-cli → root
Expressway - HTB (Password Required): Compromised Expressway HTB from VPN user to root via IKEv1 PSK and Sudo privilege escalation
Guardian - HTB (Password Required): A university portal with weak authentication and insecure web features leads to account takeover, chained into exploi...
Imagery - HTB (Password Required): From XSS to cookie theft, LFI for secrets, then abusing ImageMagick injection and a custom backup utility for root.
Previous - HTB (Password Required): Enumeration of a Next.js application leads to sensitive information disclosure and misuse of Terraform for privilege ...
Soulmate - HTB (Password Required): Compromising a matchmaking webapp through CrushFTP auth bypass and chaining Erlang's remote shell for privilege escal...