I have collected a good and large selection of HTB walkthroughs, which will help improve your skills and gain new knowledge in various aspects of pentesting. I divided the selection by difficulty level; I hope it will be useful:
Hack The Box. Easy level:
• Walkthrough Traceback. Backdoor, LUA, SSH.
• Omni Walkthrough. We break the lightweight Windows IoT.
• Walkthrough Buff. RCE in CMS Gym and CloudMe.
• Walkthrough Tabby. RCE in Tomcat, and escalate privileges via LXD.
• Blunder walkthrough. Breaking Bludit CMS.
• Walkthrough Remote. NFS, RCE in CMS Umbraco and LPE via UsoSvc.
• Walkthrough Sauna. LDAP, AS-REP Roasting, AutoLogon, DCSync attack.
• Walkthrough Nest. NTFS streams, C# reverse and SMB browser.
• Walkthrough Traverxec. RCE in the nostromo web server, GTFOBins technique.
• Walkthrough Forest. AS-REP Roasting, DCSync and Pass-The-Hash attacks.
• Postman walkthrough. Redis and WebMin.
Hack The Box. Medium level:
• Completing the Professional Offensive Operations lab. Active Directory pentest.
• Walkthrough of Monteverde. Brutus SMB and LPE via Azure Admins.
• Walkthrough OpenKeys. We break the OpenBSD virtual machine.
• SneakyMailer walkthrough. Phishing email, LPE via PyPI and GTFOBins pip3.
• Fuse walkthrough. RPC, printers and the dangerous SeLoadDriverPrivilege.
• Walkthrough of Cache. RCE in OpenEMR, memcached and docker.
• Walkthrough Admirer. Vulnerability in Admirer and RCE through environment variable substitution.
• Walkthrough Magic. Password spraying. Mysqldump and LPE via sysinfo.
• Walkthrough of Cascade. LDAP and remote Active Directory objects.
• Walkthrough Book. XSS to LFI via PDF and LPE via Logrotate.
• Walkthrough Resolute. Password spraying. From DnsAdmin to SYSTEM.
• Walkthrough Obscurity. OS Command Injection and Race Condition.
• Walkthrough of Mango. NoSQL injection and LPE via JJS.
• Walkthrough of Sniper. RFI and malicious CHM document.
• Bitlab walkthrough. Weak JS obfuscation, GIT and reverse Windows applications.
Hack The Box. Hard level:
• Compromised walkthrough. RCE LiteCart and pam_unix backdoor.
• Walkthrough Unbalanced. Rsync, EncFS, Squid, XPath injection and RCE in Pi-hole.
• Walkthrough Intense. Flask, HLE attack, SQL injection, SNMP to RCE, Ret2Libc.
• Walkthrough of Blackfield. Domain controller capture via SMB and RPC, LPE via shadow copy.
• Walkthrough Travel. Memcache+SSRF=RCE, LPE via LDAP.
• Walkthrough Quick. QUIC HTTP/3, XSLT injection, Race condition.
• Walkthrough Ouch. OAuth2, RCE in uWSGI and LPE via DBUS.
• Forwardslash walkthrough. LFI, backup and encrypted volume.
• Walkthrough of Control. SQL injection and LPE through service rights.
• Walkthrough of Registry. Docker, RCE in CMS Bolt and Restic.
• Walkthrough of Scavenger. DNS, FTP and traces of another hack.
• Walkthrough of Zetta. FXP, IPv6, rsync, Postgres and SQLi.
• Walkthrough RE. Metasploit, payload in an office document, Zip Slip attack, a little about PowerSploit and tokens.
Hack The Box. Insane level:
• Walkthrough Laser. Jetdirect, RPC and SSH theft.
• Dyplesher walkthrough. Memcached, Gogs, RCE via plugin creation and LPE via AMQP.
• Walkthrough Multimaster. Burp+Sqlmap. AD users from MSSQL. VSCode vulnerability. AMSI bypass and CVE ZeroLogon.
• Walkthrough of Fatty. Reverse and recompile a client-server application. Java deserialization.
• PlayerTwo walkthrough. Twirp, 2FA bypass, Off-By-One attack.
• Walkthrough Rope. PWN. Format strings and ROP using pwntools.
• Walkthrough of Bankrobber. XSS, SQL injection, CSRF, port forwarding.
Additional Information:
• https://github.com/Ignitechnologies/HackTheBox-CTF-Writeups
• https://github.com/Ignitechnologies/Privilege-Escalation
• https://github.com/Ignitechnologies/Vulnhub-CTF-Writeups
• https://github.com/Ignitechnologies/TryHackMe-CTF-Writeups
#Pentest #CTF
