Hack The Box Write-ups
Hack The Box is a massive, online cybersecurity training platform, allowing individuals, companies, universities and all kinds of organizations around the world to level up their hacking skills.
Note: According to Hack The Box writeups guidelines and Terms of Service, only Retired Content will be described here.
The following machines mainly focus on Active Directory exploitation. Most of them have realistic scenarios that could be applied in real world penetration tests.
|Forest||EASY||WinRM, ASREPRoast, Cracking, Bloodhound|
|Sauna||EASY||WinRM, ASREPRoast, Cracking|
|Active||EASY||WinRM, Kerberoasting, GPP|
|Resolute||MEDIUM||Metasploit, Cleartext Credentials|
|Cascade||MEDIUM||Cryptography, Reverse Engineering, SQL|
|Intelligence||MEDIUM||GMSA, DNS, Cracking, Bloodhound|
|Monteverde||MEDIUM||Bloodhound, Enumeration, Azure|
|StreamIO||MEDIUM||RFI, SQLi, Web, LAPS|
|Blackfield||HARD||ASREPRoast, Token Abuse, SMB, LSASS|
|Reel||HARD||Phishing, AppLocker, PowerShell, Metasploit|
|Mantis||HARD||Web, SQL, CVE, Kerberos|
|Search||HARD||PowerShell, Enumeration, GMSA|
|Acute||HARD||PowerShell, Web, Metasploit|
|Object||HARD||WinRM, Jenkins, Web, Enumeration|
|Sizzle||INSANE||Web, SCF, CLM, AppLocker|
|Multimaster||INSANE||WAF, SQLi, Reverse Engineering, ASREPRoast|