Linux
Hackthebox - Valentine
· ☕ 22 min read · 👤 Hong
Valentine is a very unique medium difficulty machine which focuses on the Heartbleed vulnerability, which had devastating impact on systems across the globe.

Hackthebox - Node
· ☕ 14 min read · 👤 Hong
Node focuses mainly on newer software and poor configurations. The machine starts out seemingly easy, but gets progressively harder as more access is gained. In-depth enumeration is required at several steps to be able to progress further into the machine.

Hackthebox - Solidstate
· ☕ 11 min read · 👤 Hong
SolidState is a medium difficulty machine that requires chaining of multiple attack vectors in order to get a privileged shell. As a note, in some cases the exploit may fail to trigger more than once and a machine reset is required.

Hackthebox - Sense
· ☕ 5 min read · 👤 Hong
Sense, while not requiring many steps to complete, can be challenging for some as the proof of concept exploit that is publicly available is very unreliable. An alternate method using the same vulnerability is required to successfully gain access.

Hackthebox - Nineveh
· ☕ 5 min read · 👤 Hong
Nineveh is not overly challenging, however several exploits must be chained to gain initial access. Several uncommon services are running on the machine and some research is required to enumerate them

Hackthebox - Cronos
· ☕ 4 min read · 👤 Hong
CronOS focuses mainly on different vectors for enumeration and also emphasises the risks associated with adding world-writable files to the root crontab. This machine also includes an introductory-level SQL injection vulnerability.

Hackthebox - Beep
· ☕ 7 min read · 👤 Hong
Beep has a very large list of running services, which can make it a bit challenging to find the correct entry method. This machine can be overwhelming for some as there are many potential attack vectors. Luckily, there are several methods available for gaining access.

Hackthebox - Nibbles
· ☕ 5 min read · 👤 Hong
Nibbles is a fairly simple machine, however with the inclusion of a login blacklist, it is a fair bit more challenging to find valid credentials. Luckily, a username can be enumerated and guessing the correct password does not take long for most.