All latest news and releases on Hack The Box platforms.
New release
Product update
Exclusive
New exclusive Machines are now available in Dedicated Labs.
Shared by jack
• September 03, 2024
Three (3) new exclusive Machines landed in Dedicated Labs in August, focusing on CVE exploitation, Azure Key Vault, Path Traversal, and more!
Identifier
Exploit an SSRF vulnerability in a Python app to retrieve an Azure Key Vault token, decrypt SSH credentials, and ultimately gain root access via command injection in an Azure Function App.
Archive
Exploit an Arbitrary File Read vulnerability to extract credentials from an SQLite database, then escalate privileges by uncovering an administrator password stored in a user-uploaded file.
Shaman
Exploit CVE-2024-40628 and CVE-2024-40629 to gain access to a JumpServer by extracting FTP credentials. You’ll achieve remote code execution (RCE), reset the JumpServer admin credentials, and gain root access via SSH by leveraging MFA.