hack-the-box
Magic

This box was really cool for a few reasons. First off, we bypass authentication using one of the OWASP Top 10, then continue to upload a reverse shell by tricking the web server into believing we are uploading a .

Remote

Remote was a very cool Windows box that required us to discover a vulnerability in their CMS, after discovering an exposed file system that contained a backup. Once on the machine, we can find out that there are some misconfigured privileges.

Traceback

This machine was challenging, but I learned a lot. I learned how to make “smarter” shells and how to upload the pspy script to a remote server. I wonder if I could have completed this machine without adding my public SSH key, because at the moment it is very identifiable.

Admirer

This was one of the first boxes I completed and it was difficult. It took me the longest time to enumerate the directories and finally find what I was looking for. Overall, I learned more about using my resources and double-checking where I had thought I already looked.

Fuzzy

Fuzzy challenged the user on the basics of fuzzing and taught me how to use wfuzz and other techniques to learn information about my target machine. I suggest anyone who would like to learn about fuzzing take on this challenge.