Introduction This writeup documents the process of compromising the “UnderPass” machine from Hack The Box. The machine features a web application with default credentials, an exploitable daloRADIU...

Introduction If you’re trying to run the Cursor AI Code Editor on Linux while keeping the sandbox enabled for security, you might run into errors like: The setuid sandbox is not running as root. ...

Introduction Strutted, a medium-difficulty Linux machine on HackTheBox, offers a practical exploration of real-world vulnerabilities and misconfigurations. Retired as a free instant challenge, thi...

This box is still active on HackTheBox. Once retired, this article will be published for public access as per HackTheBox’s policy on publishing content from their platform. For more hints and assi...

Introduction This is a detailed walkthrough for the “Code” machine on Hack The Box. The target is a Linux system running a Python Code Editor web application vulnerable to database query exposure ...

This box is still active on HackTheBox. Once retired, this article will be published for public access as per HackTheBox’s policy on publishing content from their platform. For more hints and assi...

INFO Machine IP = 10.10.11.55 OS = Linux Level = EASY Points = 20 Let’s start by adding the machine to our hosts file: echo "10.10.11.55 titanic.htb dev.titanic.htb" >> /etc/hosts Enumerat...

INFO Machine IP = 10.10.11.44 OS = Linux Level = EASY Points = 20 Summary In this challenge, multiple web vulnerabilities were chained to gain a foothold and ultimately escalate privileges. This ...

10.10.14.36 INFO Machine IP = 10.10.11.11 OS = Linux Level = EASY Points = 20 Add the IP of the machine to your /etc/hosts file echo "10.10.11.11 board.htb" >> /etc/hosts Scanni...

🔬 LAB: This lab contains a SQL injection vulnerability in its stock check feature. The results from the query are returned in the application’s response, so you can use a UNION attack to retrieve ...