One challenging aspect of creating a shellcode is dealing with addresses. Your shellcode will often need to reference certain locations, which gets complicated when working in the context of the pr...
Introduction to Format Strings Vulnerabilities
A format string is, simply put, a string that is used to format dynamic data for display. They are typically used to avoid hard-coding variables into a string, and also allow the programmer to spe...
Zipping - HackTheBox
Zipping is a nice medium Linux box on HackTheBox. It starts with exploiting a discrepancy in how gz (CLI) and ZipArchive (PHP) work to fool the web app into extracting a ZIP file containing a PHP ...
Topology - HackTheBox
Topology is an easy Linux machine on HackTheBox. It starts with exploiting a custom LaTeX parser to get LFI and leak creds to get a foothold on the box. Root involves exploiting gnuplot. Info ...
Sau - HackTheBox
Sau is probably the shortest box ever released on HackTheBox. Foothold involves exploiting Request Baskets to access a hidden instance of Maltrail, which is vulnerable to RCE. Privesc is through th...
Sandworm - HackTheBox
Sandworm is a nice medium Linux box on HackTheBox. It starts with exploiting an SSTI vulnerability in a custom web app that does some PGP operations using user input. Once inside, you'll need to br...
Pilgrimage - HackTheBox
Pilgrimage is an easy Linux machine on HackTheBox. It starts with exploiting a CVE in ImageMagick to leak a local SQLite database. Privesc to root is through a binwalk exploit. Info ...
Keeper - HackTheBox
Keeper is an easy Linux machine on HackTheBox. It starts with exploiting an administrative feature on a Best Practical RT instance that was using default creds to add a custom event handler that runs ...
Jupiter - HackTheBox
Jupiter is a very nice medium Linux box on HackTheBox. It starts with exploiting an instance of Grafana that's making an API call containing full SQL queries, which are executed without validation....
Gofer - HackTheBox
Gofer is a very nice, hard box on HackTheBox. It starts with a verb tampering attack on a custom proxy to bypass access control, then a phishing attack on a local user using a LibreOffice macro. Priv...