Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with thousands of people in the security field. Click below to hack their invite challenge, then get started on one of their many live machines or challenges.
Note: Infinite Logins is not paid by nor affiliated with Hack The Box.
List of Privilege Escalation Methods on Hack The Box Machines
This post will contain a list of retired Hack The Box machines and the methods used by Ippsec to escalate privileges. The idea is to provide a list of privesc methods to review when you’re stuck and unable to find the intended way to escalate when you’re taking the OSCP exam and/or participating in a…
Hack the Box Write-Up: NINEVEH (Without Metasploit)
This box has been one of the most time consuming ones I’ve done so far. I’d highly recommend it for anybody studying/prepping for the OSCP exam, as it will help you sharpen a lot of skills that will come in useful for that certification. Table of Contents: Initial EnumerationUsing Hydra to Brute-Force Our First Login…
Hack the Box Write-Up: VALENTINE (Without Metasploit)
In honors of Valentines day, I figured it only made sense to give this box a try and was shocked at how easy it ended up being. Table of Contents: EnumerationExploiting Heartbleed VulnerabilityPrivilege Escalation Key Takeaways Enumeration As always, I started with an nmap scan to see what ports are open. nmap -T4 -sV -sC…
Hack the Box Write-Up: ARCTIC (Without Metasploit)
This was a “fun” box. It honestly wasn’t too hard because there are many, well documented, public exploits available. I spent way more time than I’d like to admit on the privesc section, but eventually found an easy way in. Table of Contents: Enumeration and Initial FootholdPrivilege EscalationKey Takeaways Enumeration and Initial Foothold As always,…
Hack the Box Write-Up: DEVEL (Without Metasploit)
This was a simple box, but I did run into a curve-ball when getting my initial foothold. I’m rating this as an easy box since the privilege escalation piece was simple when utilizing a kernel exploit, and the the initial way in isn’t super realistic.
Hack The Box: Upcoming Content
There’s a Reddit post in r/oscp titled: OSCP like boxes on Hack The Box (Credit @TJ_Null on Twitter) This post showcases the below graphic that outlines a list of machines on HTB that will best prepare you for the OSCP exam. To guide myself in my OSCP journey, and to hopefully help others along the…
Get new content delivered directly to your inbox.