Preparation You were hired as a dedicated external DFIR specialist to help the APIWizards Inc. company with a security incident in their production environment. APIWizards develop REST APIs on dem...

Usage is an easy HackTheBox machine where we discovered an SQL injection vulnerability on the web server, allowing us to extract the admin password hash. Cracking the hash enabled us to log in and ...

IClean is a medium machine by HackTheBox. We start by exploiting an XSS vulnerability to steal the admin’s session cookie. Using the cookie, we access the admin dashboard and find a SSTI vulnerabil...

BoardLight is an easy box on HackTheBox where we start by exploiting a vulnerability in the Dolibarr web application, using default credentials to gain access. We then pivot to a user account by le...