Write-ups

These were all active machines I played during Season 8 of Hack The Box (May-August 2025).

My journey through Hack The Box machines and bug bounty challenges

More Write-ups on Medium

Most of my Hack The Box machine write-ups are available on my Medium profile with detailed explanations and step-by-step guides.


Editor

HTB Machine (Easy)

A Linux machine involving XWiki exploitation via CVE-2025-24893, credential extraction, and PATH hijacking for privilege escalation.

XWiki, CVE-2025-24893, RCE, +4 more
2025-08-04

Era

HTB Machine (Medium)

A Linux machine involving vhost enumeration, an IDOR vulnerability, hash cracking, SSRF exploitation, and binary signing for privilege escalation.

Vhost Enumeration, IDOR, Hash Cracking, +4 more
2025-07-31

JinjaCare

Bug Bounty CTF

A web application vulnerability challenge focusing on SSTI (Server-Side Template Injection) and RCE exploitation techniques.

SSTI, RCE, Flask, +3 more
2025-06-27

NeoVault

Bug Bounty CTF

A banking web application challenge involving MongoDB Object ID prediction and JWT token exploitation.

MongoDB, JWT, IDOR, +2 more
2025-06-29

Code

HTB Machine (Easy)

A Python-based web application with command injection vulnerabilities and privilege escalation challenges.

Python, Command Injection, Privilege Escalation, +1 more
2025-06-28

Nocturnal

HTB Machine

A challenging Hack The Box Linux-based machine involving web exploitation and privilege escalation techniques.

Web Exploitation, Privilege Escalation, Linux
2025-06-29

Dog

HTB Machine (Easy)

A Linux machine involving git repository dumping, RCE exploitation, and privilege escalation through sudo misconfiguration.

Git Dumping, RCE, Privilege Escalation, +2 more
2025-07-20

Outbound

HTB Machine (Easy)

A Linux machine featuring Roundcube webmail exploitation, session decryption, and privilege escalation through a log symlink vulnerability.

Roundcube, RCE, Session Decryption, +2 more
2025-07-20