HackTheBox Writeups - Hacking Articles

HTB VariaType Complete Writeup — CVE-2025-66034 & Font Exploitation

VariaType is a cutting-edge HackTheBox machine from Season 10 featuring a web-based variable font generator. The exploitation chain involves chaining three critical vulnerabilities—fontTools CVE-2025-66034 for initial webshell creation, FontForge CVE-2024-25081 for lateral privilege escalation to the steve user, and a setuptools PackageIndex path traversal vulnerability for root access. This writeup provides complete step-by-step instructions with detailed technical analysis of each exploit mechanism.

20 min

Easy

CCTV HackTheBox Writeup — Season 10 Linux Machine Walkthrough

A comprehensive walkthrough of the CCTV machine from HackTheBox Season 10. This Medium-difficulty Linux machine writeup covers ZoneMinder default credentials, exploiting CVE-2024-51482 SQL injection to extract and crack bcrypt hashes, leveraging a tcpdump Linux capability to sniff plaintext credentials from Docker network traffic, SSH port forwarding to expose an internal MotionEye instance, and achieving root via CVE-2025-60787 remote code execution using Metasploit. A must-read for penetration testers tackling multi-step Linux exploitation chains.

16 min

hackthebox htb cctv linux

Hard

Pirate HackTheBox Writeup — Complete Season 10 Machine Walkthrough

A comprehensive walkthrough of the Pirate machine from HackTheBox Season 10. This Hard-difficulty Windows machine writeup covers initial access with provided credentials, Active Directory enumeration, lateral movement strategies, privilege escalation techniques, and achieving SYSTEM access. Learn how to compromise this challenging HTB Windows machine with detailed methodology, practical command examples, and SEO-optimized content for cybersecurity professionals.

33 min

hackthebox htb pirate windows

Medium

Interpretor HackTheBox Writeup — Complete Machine Walkthrough

A comprehensive walkthrough of the Interpretor machine from HackTheBox. This writeup covers reconnaissance, enumeration techniques, initial foothold exploitation, lateral movement strategies, and privilege escalation to root. Learn how to compromise this challenging HTB machine with detailed methodology and practical command examples.

14 min

hackthebox htb Mirth Connect PBKDF2

Easy

WingData HackTheBox Walkthrough – Season 10 Full Exploit & Root Guide

WingData is a HackTheBox Season 10 machine that challenges players with realistic enumeration, service exploitation, and privilege escalation techniques. This walkthrough breaks down the full attack chain from initial reconnaissance to root, with clear commands and practical reasoning for each step.

16 min

htb hackthebox wingdata season 10

Insane

Hack The Box Sorcery Writeup (Season 8) – Complete Walkthrough | Insane Linux Machine

Sorcery is a Medium difficulty Linux machine from Hack The Box Season 8 that focuses on web application exploitation, misconfigurations, and privilege escalation techniques. In this walkthrough, we perform full reconnaissance, identify the attack surface, exploit vulnerabilities to gain initial access, and escalate privileges to root. This guide breaks down every phase of the attack chain with practical methodology and command examples, making it ideal for penetration testers, red teamers, and HTB players preparing for real-world scenarios.

53 min

hackthebox htb hackthebox htb

Medium

Pterodactyl Hack The Box Write-Up-Medium Linux Machine Walkthrough

This write-up covers the full compromise of the Pterodactyl machine from Hack The Box, a Medium-difficulty Linux challenge. It walks through initial reconnaissance, service enumeration, vulnerability discovery, exploitation paths, and the privilege escalation techniques required to achieve root access. Ideal for penetration testers and CTF players looking to sharpen real-world Linux exploitation skills and structured attack methodology.

14 min

htb hackthebox linux medium

Easy

Facts Hack The Box Writeup-Sudo Privilege Escalation via Facter (Linux)

In this walkthrough of the Facts machine from Hack The Box, we exploit a misconfigured sudo rule allowing the execution of Facter as root. By abusing Facter's --custom-dir option, we load a malicious Ruby fact file that executes with UID 0. Instead of spawning an unstable shell, we apply the SetUID bit to /bin/bash, gaining a persistent root shell via bash -p. This writeup covers enumeration, attack reasoning, exploitation mechanics, and a clean privilege escalation path to root.

9 min

htb Linux htb hackthebox

Easy

Conversor Hack The Box Writeup & Walkthrough (XSLT Injection, Linux PrivEsc)

Step-by-step Conversor Hack The Box walkthrough covering XSLT injection, remote code execution, reverse shell via cron jobs, SQLite credential extraction, SSH access, and Linux privilege escalation using CVE-2024-48990 (needrestart). Ideal for penetration testers, red teamers, and CTF players seeking real-world Linux exploitation techniques.

11 min

hackthebox htb linux xslt-injection

Medium

Signed Hack The Box Writeup & Walkthrough (Windows, AD CS, Certificate Abuse)

Step-by-step Signed Hack The Box walkthrough covering Windows enumeration, Active Directory Certificate Services (AD CS) abuse, certificate-based authentication attacks, lateral movement, and privilege escalation to SYSTEM. Ideal for penetration testers, red teamers, and CTF players focusing on modern Active Directory attack paths.

36 min

hackthebox htb windows active-directory

Insane

Hercules HackTheBox Writeup & Walkthrough (Active Directory, Windows, PrivEsc)

Step-by-step Hercules HackTheBox walkthrough for 2026. Learn enumeration, Windows and Active Directory exploitation, privilege escalation, and CTF skills. Ideal for penetration testers, red teamers, and cybersecurity enthusiasts seeking real-world attack paths and solutions.

80 min

htb windows web kerberos

Hard

HTB Fries-complete Writeup

Fries is a full enterprise-style attack chain where a leaked pgAdmin credential leads to Docker RCE, NFS loot, LDAP credential capture, and finally AD CS (ESC6 + ESC16) abuse to forge an Administrator certificate. It's a complete pivot-through-every-layer machine ending in total domain compromise.

52 min

htb windows nmap web

Medium

HackTheBox Gavel Walkthrough (Linux – Medium)

This HackTheBox Gavel writeup provides a full walkthrough for the Linux Medium machine from Season 9. it covers the entire exploitation chain, including enumeration, misconfiguration discovery, service abuse, gaining an initial foothold, and achieving root through privilege escalation. This guide is designed for learners who want a clear, realistic, attacker-focused approach to solving HTB gavel machine and improving their penetration testing skills.

5 min

pentesting htb hackthebox

Easy

Eighteen — HTB S9 machine Writeup

From low MSSQL creds to DA via impersonation, web hash crack, and WinRM. Abuse Bad Successor (dMSA) on Server 2025 to dump NTDS and take Administrator.

9 min

htb writeups activemachines hackthebox

Hard

HTB NanoCorp

A full walkthrough of HTB NanoCorp, covering Windows exploitation, Active Directory abuse, NTLM relay, and privilege escalation techniques.

8 min

HackTheBox HTB Writeup NanoCorp Windows Exploitation

Easy

HTB CodePartTwo Walkthrough

A full walkthrough and exploitation guide for the HTB CodePartTwo machine, covering enumeration, vulnerability analysis, exploitation, and privilege escalation.

7 min

pentesting htb hackthebox

Hard

Guardian HTB

A step-by-step penetration testing walkthrough of the Guardian machine on HackTheBox.

18 min

pentesting htb hackthebox

Hard

DarkZero HTB

A detailed walkthrough of the HackTheBox DarkZero machine including initial enumeration, database exploitation, and privilege escalation to domain admin.

6 min

pentesting htb hackthebox

Easy

HackTheBox Expressway

A detailed walkthrough of the HackTheBox Expressway machine including initial enumeration, foothold, and privilege escalation.

5 min

pentesting htb hackthebox