Eric Hogue's Blog

Hack The Box Walkthrough - Headless

In this very easy box, I exploited an XSS vulnerability in the page the display...

2024, Jul 20 — 11 minute read

In this machine, I exploited an SSTI vulnerability, cracked a password found in a database,...

2024, Jul 06 — 10 minute read

This was a fun series of challenges that started with some web exploitation and finished...

2024, Jun 08 — 12 minute read

In this challenge, there was a site that used wget to extract the data from...

2024, Jun 08 — 9 minute read

In this box, I exploited a known vulnerability in Apache OFBiz to get a shell....

2024, May 25 — 10 minute read

Monitored is a fairly hard machine. To get a foothold, I had to find credentials...

2024, May 11 — 30 minute read

In this box, I used a known vulnerability to extract the database credentials from a...

2024, Apr 27 — 17 minute read

In Surveillance, I exploited two known vulnerabilities in web applications, cracked a password, and exploited...

2024, Apr 20 — 20 minute read

In Codify I had to exploit a known vulnerability in a sandboxing library, find a...

2024, Apr 06 — 16 minute read

In this machine, I exploited a known vulnerability in Metabase to get a user, and...

2024, Mar 23 — 10 minute read

In this box, I had to enumerate the endpoints of a Spring Boot application, steal...

2024, Mar 02 — 14 minute read

In Keeper, I used default credentials to get into a ticketing application. I found the...

2024, Feb 10 — 8 minute read

This was a really fun box. I had to get the source code of a...

2024, Jan 27 — 32 minute read

In Zipping, I had to exploit three different vulnerabilites to get a shell. A Local...

2024, Jan 13 — 13 minute read

In Sau, I exploited two known vulnerabilities. One in Maltrail to get a shell. And...

2023, Dec 28 — 10 minute read