Eric Hogue's Blog

Hack The Box Walkthrough - Sea

In Sea, I exploited a known vulnerability in a CMS to get a shell. Then...

2024, Dec 21 — 15 minute read

In this box, I had to exploit a known vulnerability in a web application, find...

2024, Nov 02 — 14 minute read

In Usage, I had to exploit an SQL Injection and a file upload to get...

2024, Aug 10 — 28 minute read

In IClean, I had to exploit XSS and SSTI to get a shell on the...

2024, Aug 03 — 17 minute read

In this very easy box, I exploited an XSS vulnerability in the page the display...

2024, Jul 20 — 11 minute read

In this machine, I exploited an SSTI vulnerability, cracked a password found in a database,...

2024, Jul 06 — 10 minute read

This was a fun series of challenges that started with some web exploitation and finished...

2024, Jun 08 — 12 minute read

In this challenge, there was a site that used wget to extract the data from...

2024, Jun 08 — 9 minute read

In this box, I exploited a known vulnerability in Apache OFBiz to get a shell....

2024, May 25 — 10 minute read

Monitored is a fairly hard machine. To get a foothold, I had to find credentials...

2024, May 11 — 30 minute read

In this box, I used a known vulnerability to extract the database credentials from a...

2024, Apr 27 — 17 minute read

In Surveillance, I exploited two known vulnerabilities in web applications, cracked a password, and exploited...

2024, Apr 20 — 20 minute read

In Codify I had to exploit a known vulnerability in a sandboxing library, find a...

2024, Apr 06 — 16 minute read

In this machine, I exploited a known vulnerability in Metabase to get a user, and...

2024, Mar 23 — 10 minute read

In this box, I had to enumerate the endpoints of a Spring Boot application, steal...

2024, Mar 02 — 14 minute read