Locked Posts All Locked Open Artificial - HTB Password Required An Easy-rated HTB box exploiting TensorFlow deserialization RCE to gain initial access, followed by backup abuse, pas... BigBang - HTB Open Access Exploitation of a WordPress and Grafana setup via leaked credentials, JWT abuse on a custom APK API, and command inje... Certificate - HTB Password Required Web-to-root HTB box featuring a ZIP upload bypass with null-byte injection, credential harvesting, shadow credential ... Environment HTB Password Required Initial foothold via broken remember-me parameter, preprod environment bypass, PHP webshell upload, GPG decryption fo... Fluffy - HTB Password Required Initial access via SMB creds, BloodHound enumeration, NTLMv2 cracking, shadow credentials, and Administrator via cert... Mirage - HTB Password Required Windows AD lab with misconfigurations across DNS, LDAP, and certificate services, leading to full domain compromise. Outbound - HTB Password Required nitial foothold via Roundcube exploit, user access through decrypted IMAP creds, and root via sudo misconfiguration i... Planning - HTB Password Required Initial access via admin credentials, exploit of vulnerable Grafana service, enumeration of Docker and environment va... Puppy - HTB Password Required Active Directory attack chain on Puppy involving BloodHound analysis, GenericWrite abuse, KeePass file cracking, and ... Rustykey - HTB Password Required Full Active Directory exploitation on Rusty Key from initial access to domain admin. Includes SPN cracking, AddSelf a... Sorcery -HTB Password Required A brutal, multi-layered HTB box featuring Cypher injection, Docker abuse, custom CA phishing, Kafka RCE, and FreeIPA ... Tombwatcher - HTB Password Required Initial access with user credentials, SPN abuse via targetedKerberoast, GMSA password read, cross-user escalation, ac... Voleur - HTB Password Required Full Domain Compromise via DPAPI Credential Theft and AD Dump WhiteRabbit - HTB Password Required Full walkthrough of WhiteRabbit HTB box involving vhost enumeration, SQLi via HMAC signature spoofing, restic backup ... Era - HTB Password Required Blind RCE through a custom file reader and AV evasion attempts via binary replacement.