🐱

HackTheBox Writeups

HackTheBox Profile Badge

23 writeups

Garfield HackTheBox Writeup- Hard Windows Active Directory Machine Walkthrough
Hard

Garfield HackTheBox Writeup- Hard Windows Active Directory Machine Walkthrough

A comprehensive walkthrough of the Garfield machine from HackTheBox. This Hard-difficulty Windows Active Directory machine writeup covers abusing writable ACLs to plant a malicious logon script via scriptPath, gaining code execution as l.wilson, resetting the l.wilson_adm password for lateral movement, pivoting to an internal Read-Only Domain Controller through a Ligolo tunnel, creating a fake machine account for Resource-Based Constrained Delegation, dumping the krbtgt_8245 AES256 key from RODC01 using Mimikatz, modifying the RODC password replication policy, forging an RODC Golden Ticket with Rubeus, performing a KeyList attack against DC01 to obtain a legitimate Administrator TGT, and fully compromising the domain via NTDS dump. An essential resource for penetration testers studying multi-step Active Directory exploitation chains.

Author Apr 6, 2026
16 min
hackthebox htb garfield windows
HTB DevArea Complete Writeup - CVE-2022-46364 Apache CXF LFI & HoverFly RCE
Medium

HTB DevArea Complete Writeup - CVE-2022-46364 Apache CXF LFI & HoverFly RCE

DevArea is a Medium-difficulty HackTheBox machine from Season 10 featuring an internal developer platform exposed across multiple services. The exploitation chain begins with anonymous FTP access to a leaked JAR file, which reveals an Apache CXF SOAP service vulnerable to a critical XOP/MTOM Local File Inclusion (CVE-2022-46364 / CVE-2022-46363). Reading the HoverFly systemd service file leaks admin credentials, which are used to authenticate against the HoverFly Admin API and obtain a JWT token. From there, a malicious middleware payload injected via the /api/v2/hoverfly/middleware endpoint delivers a reverse shell as dev_ryan. Privilege escalation to root exploits a world-writable /bin/bash binary combined with a sudo-permitted script to plant a root-owned SUID shell. This writeup provides a complete step-by-step walkthrough with detailed technical analysis of each exploitation stage.

Author Mar 30, 2026
17 min
hackthebox htb linux cve-2022-46364
HTB Kobold Complete Writeup — CVE-2026-23744 MCP Inspector RCE & Docker Escape
Easy

HTB Kobold Complete Writeup — CVE-2026-23744 MCP Inspector RCE & Docker Escape

Kobold is an Easy-difficulty HackTheBox machine from Season 10 built around modern AI tooling infrastructure. The attack chain begins with subdomain enumeration uncovering an MCPJam Inspector instance vulnerable to CVE-2026-23744 — a critical unauthenticated RCE in the /api/mcp/connect endpoint that allows arbitrary command execution via a crafted serverConfig payload. This delivers a reverse shell as the user ben. Privilege escalation exploits an implicit Docker group membership accessible via newgrp docker, which is leveraged to mount the host filesystem inside a root-running MySQL container and read the root flag directly — a textbook Docker socket escape. This writeup provides a complete step-by-step walkthrough with beginner-friendly explanations of each technique.

Author Mar 30, 2026
14 min
hackthebox htb linux cve-2026-23744
HTB VariaType Complete Writeup — CVE-2025-66034 & Font Exploitation
Medium

HTB VariaType Complete Writeup — CVE-2025-66034 & Font Exploitation

VariaType is a cutting-edge HackTheBox machine from Season 10 featuring a web-based variable font generator. The exploitation chain involves chaining three critical vulnerabilities—fontTools CVE-2025-66034 for initial webshell creation, FontForge CVE-2024-25081 for lateral privilege escalation to the steve user, and a setuptools PackageIndex path traversal vulnerability for root access. This writeup provides complete step-by-step instructions with detailed technical analysis of each exploit mechanism.

Author Mar 15, 2026
20 min
hackthebox htb linux cve-2025-66034
CCTV HackTheBox Writeup — Season 10 Linux Machine Walkthrough
Easy

CCTV HackTheBox Writeup — Season 10 Linux Machine Walkthrough

A comprehensive walkthrough of the CCTV machine from HackTheBox Season 10. This Medium-difficulty Linux machine writeup covers ZoneMinder default credentials, exploiting CVE-2024-51482 SQL injection to extract and crack bcrypt hashes, leveraging a tcpdump Linux capability to sniff plaintext credentials from Docker network traffic, SSH port forwarding to expose an internal MotionEye instance, and achieving root via CVE-2025-60787 remote code execution using Metasploit. A must-read for penetration testers tackling multi-step Linux exploitation chains.

Author Mar 8, 2026
16 min
hackthebox htb cctv linux
Pirate HackTheBox Writeup — Complete Season 10 Machine Walkthrough
Hard

Pirate HackTheBox Writeup — Complete Season 10 Machine Walkthrough

A comprehensive walkthrough of the Pirate machine from HackTheBox Season 10. This Hard-difficulty Windows machine writeup covers initial access with provided credentials, Active Directory enumeration, lateral movement strategies, privilege escalation techniques, and achieving SYSTEM access. Learn how to compromise this challenging HTB Windows machine with detailed methodology, practical command examples, and SEO-optimized content for cybersecurity professionals.

Author Mar 4, 2026
33 min
hackthebox htb pirate windows
Hack The Box Sorcery Writeup (Season 8) – Complete Walkthrough | Insane Linux Machine
Insane

Hack The Box Sorcery Writeup (Season 8) – Complete Walkthrough | Insane Linux Machine

Sorcery is a Medium difficulty Linux machine from Hack The Box Season 8 that focuses on web application exploitation, misconfigurations, and privilege escalation techniques. In this walkthrough, we perform full reconnaissance, identify the attack surface, exploit vulnerabilities to gain initial access, and escalate privileges to root. This guide breaks down every phase of the attack chain with practical methodology and command examples, making it ideal for penetration testers, red teamers, and HTB players preparing for real-world scenarios.

Author Feb 12, 2026
53 min
hackthebox htb hackthebox htb
Pterodactyl Hack The Box Write-Up-Medium Linux Machine Walkthrough
Medium

Pterodactyl Hack The Box Write-Up-Medium Linux Machine Walkthrough

This write-up covers the full compromise of the Pterodactyl machine from Hack The Box, a Medium-difficulty Linux challenge. It walks through initial reconnaissance, service enumeration, vulnerability discovery, exploitation paths, and the privilege escalation techniques required to achieve root access. Ideal for penetration testers and CTF players looking to sharpen real-world Linux exploitation skills and structured attack methodology.

Author Feb 9, 2026
14 min
htb hackthebox linux medium
Facts Hack The Box Writeup-Sudo Privilege Escalation via Facter (Linux)
Easy

Facts Hack The Box Writeup-Sudo Privilege Escalation via Facter (Linux)

In this walkthrough of the Facts machine from Hack The Box, we exploit a misconfigured sudo rule allowing the execution of Facter as root. By abusing Facter's --custom-dir option, we load a malicious Ruby fact file that executes with UID 0. Instead of spawning an unstable shell, we apply the SetUID bit to /bin/bash, gaining a persistent root shell via bash -p. This writeup covers enumeration, attack reasoning, exploitation mechanics, and a clean privilege escalation path to root.

Author Feb 1, 2026
9 min
htb Linux htb hackthebox
HackTheBox Gavel Walkthrough (Linux – Medium)
Medium

HackTheBox Gavel Walkthrough (Linux – Medium)

This HackTheBox Gavel writeup provides a full walkthrough for the Linux Medium machine from Season 9. it covers the entire exploitation chain, including enumeration, misconfiguration discovery, service abuse, gaining an initial foothold, and achieving root through privilege escalation. This guide is designed for learners who want a clear, realistic, attacker-focused approach to solving HTB gavel machine and improving their penetration testing skills.

Author Nov 30, 2025
5 min
pentesting htb hackthebox