The Fortress is currently active , Better you just own it first and then enter the last flag to decrypt the writeup.If you completed the fortress then you can simply enter the last flag of the Aker...

Getting TGT using secretdump for usernames got from smb dirs and using rpcclient to chnage the user password , got a zip file that was a memory dump and getting NTLM hash of user lsass mimikatz ad ...

The file todo.txt tells about a username and making a custom-wordlist using cewl , Brute forcing the login using custom python script , We logged into the CMS and exploiting the bludit using manual...

Dumping the .git dir and bypassing the ssrf along with chaining it with the php-deserialization and php-memcache to get a rce then doing some ldapmodify to modify some users entries to get the shel...

Using cewl to make a custom wordlist from thr page author.html , used wfuzz to find the another domain and sqli in the add_edit_event_user.php , using sqlmap to dump the table user_secure and got t...

Fuzzing the hidden dir and then analyzing the python script to excute the command and get an initial shell,And after decrypting the key using superSecureCrypt.py we can get password of user robert ...

Nmap results and Gobuster reveals robot.txt file which is dissallowing a dir called admin-dir running wfuzz against it we got two files contacts.txt and credentials.txt which contains ftp user and ...

Exploiting the openadmin service we get an initial shell and after getting credentials of jimmy in db.php logged in using ssh,Enumerating on a local high port we are joanna and privesc using nano i...

This Box is currently in hackthbox active category , You can access the writeup only if you have either the Administrator user ntlm or the root user password hash from file /etc/shadow.

This Box is currently in hackthbox active category , You can access the writeup only if you have the Administrator user ntlm in md5 format. For More information Go to http://0xprashant.github.io/p...