HTB DevArea Complete Writeup - CVE-2022-46364 Apache CXF LFI & HoverFly RCE
Medium

DevArea is a Medium-difficulty HackTheBox machine from Season 10 featuring an internal developer platform exposed across multiple services. The exploitation chain begins with anonymous FTP access to a leaked JAR file, which reveals an Apache CXF SOAP service vulnerable to a critical XOP/MTOM Local File Inclusion (CVE-2022-46364 / CVE-2022-46363). Reading the HoverFly systemd service file leaks admin credentials, which are used to authenticate against the HoverFly Admin API and obtain a JWT token. From there, a malicious middleware payload injected via the /api/v2/hoverfly/middleware endpoint delivers a reverse shell as dev_ryan. Privilege escalation to root exploits a world-writable /bin/bash binary combined with a sudo-permitted script to plant a root-owned SUID shell. This writeup provides a complete step-by-step walkthrough with detailed technical analysis of each exploitation stage.

HTB Kobold Complete Writeup — CVE-2026-23744 MCP Inspector RCE & Docker Escape
Easy

Kobold is an Easy-difficulty HackTheBox machine from Season 10 built around modern AI tooling infrastructure. The attack chain begins with subdomain enumeration uncovering an MCPJam Inspector instance vulnerable to CVE-2026-23744 — a critical unauthenticated RCE in the /api/mcp/connect endpoint that allows arbitrary command execution via a crafted serverConfig payload. This delivers a reverse shell as the user ben. Privilege escalation exploits an implicit Docker group membership accessible via newgrp docker, which is leveraged to mount the host filesystem inside a root-running MySQL container and read the root flag directly — a textbook Docker socket escape. This writeup provides a complete step-by-step walkthrough with beginner-friendly explanations of each technique.

HTB VariaType Complete Writeup — CVE-2025-66034 & Font Exploitation
Medium

VariaType is a cutting-edge HackTheBox machine from Season 10 featuring a web-based variable font generator. The exploitation chain involves chaining three critical vulnerabilities—fontTools CVE-2025-66034 for initial webshell creation, FontForge CVE-2024-25081 for lateral privilege escalation to the steve user, and a setuptools PackageIndex path traversal vulnerability for root access. This writeup provides complete step-by-step instructions with detailed technical analysis of each exploit mechanism.

CCTV HackTheBox Writeup — Season 10 Linux Machine Walkthrough
Easy

A comprehensive walkthrough of the CCTV machine from HackTheBox Season 10. This Medium-difficulty Linux machine writeup covers ZoneMinder default credentials, exploiting CVE-2024-51482 SQL injection to extract and crack bcrypt hashes, leveraging a tcpdump Linux capability to sniff plaintext credentials from Docker network traffic, SSH port forwarding to expose an internal MotionEye instance, and achieving root via CVE-2025-60787 remote code execution using Metasploit. A must-read for penetration testers tackling multi-step Linux exploitation chains.

Pirate HackTheBox Writeup — Complete Season 10 Machine Walkthrough
Hard

A comprehensive walkthrough of the Pirate machine from HackTheBox Season 10. This Hard-difficulty Windows machine writeup covers initial access with provided credentials, Active Directory enumeration, lateral movement strategies, privilege escalation techniques, and achieving SYSTEM access. Learn how to compromise this challenging HTB Windows machine with detailed methodology, practical command examples, and SEO-optimized content for cybersecurity professionals.

Hack The Box Sorcery Writeup (Season 8) – Complete Walkthrough | Insane Linux Machine
Insane

Sorcery is a Medium difficulty Linux machine from Hack The Box Season 8 that focuses on web application exploitation, misconfigurations, and privilege escalation techniques. In this walkthrough, we perform full reconnaissance, identify the attack surface, exploit vulnerabilities to gain initial access, and escalate privileges to root. This guide breaks down every phase of the attack chain with practical methodology and command examples, making it ideal for penetration testers, red teamers, and HTB players preparing for real-world scenarios.

Pterodactyl Hack The Box Write-Up-Medium Linux Machine Walkthrough
Medium

This write-up covers the full compromise of the Pterodactyl machine from Hack The Box, a Medium-difficulty Linux challenge. It walks through initial reconnaissance, service enumeration, vulnerability discovery, exploitation paths, and the privilege escalation techniques required to achieve root access. Ideal for penetration testers and CTF players looking to sharpen real-world Linux exploitation skills and structured attack methodology.

Facts Hack The Box Writeup-Sudo Privilege Escalation via Facter (Linux)
Easy

In this walkthrough of the Facts machine from Hack The Box, we exploit a misconfigured sudo rule allowing the execution of Facter as root. By abusing Facter's --custom-dir option, we load a malicious Ruby fact file that executes with UID 0. Instead of spawning an unstable shell, we apply the SetUID bit to /bin/bash, gaining a persistent root shell via bash -p. This writeup covers enumeration, attack reasoning, exploitation mechanics, and a clean privilege escalation path to root.

HackTheBox Gavel Walkthrough (Linux – Medium)
Medium

This HackTheBox Gavel writeup provides a full walkthrough for the Linux Medium machine from Season 9. It covers the entire exploitation chain, including enumeration, misconfiguration discovery, service abuse, gaining an initial foothold, and achieving root through privilege escalation. This guide is designed for learners who want a clear, realistic, attacker-focused approach to solving the HTB Gavel machine and improving their penetration testing skills.