Hack The Box

We’ve introduced three new exclusive and five training machines to Dedicated Labs and one exclusive challenge.

___________________________________________________________

The retired community machines from 20th September to 20th October are detailed below.

- A Hard Difficulty Linux machine that involves the exploitation of an LFI vulnerability to extract the configuration secret of Bind9. ​

- A medium-difficulty Linux machine that highlights security problems caused by how a solution is structured.

- An Easy Difficulty Linux machine that features a gRPC endpoint that is vulnerable to SQL Injection. ​

- A hard Linux machine that starts off with an image gallery website, which is prone to a second-order SQL injection leading to the discovery of BCrypt hashes.

- A medium-difficulty Windows machine featuring two recent CVEs: CVE-2023-38146, affecting Windows 11 themes, and CVE-2023-28252, targeting the Common Log File System (CLFS).

- Snoopy
 - A Hard Difficulty Linux machine that involves the exploitation of an LFI vulnerability to extract the configuration secret of Bind9. ​
- Format
 - A medium-difficulty Linux machine that highlights security problems caused by how a solution is structured.
- PC
 - An Easy Difficulty Linux machine that features a gRPC endpoint that is vulnerable to SQL Injection. ​
- Intentions
 - A hard Linux machine that starts off with an image gallery website, which is prone to a second-order SQL injection leading to the discovery of BCrypt hashes.
- Aero
 - A medium-difficulty Windows machine featuring two recent CVEs: CVE-2023-38146, affecting Windows 11 themes, and CVE-2023-28252, targeting the Common Log File System (CLFS).

Looking for more content, features, or a place to leave feedback?

Book your spot for a 15-minute call where we can discuss how to level up your training!

October-2023 Updates - New Exclusive & Training Machines

Platform

Enterprise

Academy

Swag

Blog

Forum

Newsroom

Hack The Box Platform

Find answers and get help from Intercom Support and Community Experts

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you

Difficulty	Very Easy - Penetration Tester Level 1
Areas of Interest	Systems & Privilege Escalation
Technologies	Ubuntu, Gnu C library
Languages	Python, C
Skills	CVE Exploitation
CVSS Score	7.8 (High)

Difficulty	Very Easy - Penetration Tester Level 2
Areas of Interest	Web Applications, Authentication & Authorization
Technologies	Atlassian Confluence
Languages	Python
Skills	CVE Exploitation
CVSS Score	10 (Critical)

Difficulty	Easy - Penetration Testing Level 1
Areas of Interest	Systems & Networking
Technologies	Libcue, GNOME Desktop, LinkStack
Languages	Bash
Skills	CVE Exploitation
CVSS Score	8.8 (High)

Difficulty	Medium - Penetration Testing Level 2
Areas of Interest	Artificial Intelligence & Machine Learning
Technologies	OpenAI, Jupyter Notebook
Languages	Python
Skills	Prompt Injection

October-2023 Updates - New Exclusive & Training Machines

NEW EXCLUSIVE MACHINES

Looney

Influence

Cued

EXCLUSIVE CHALLENGES

Nooto (Artificial Intelligence):

NEW TRAINING MACHINES

Snoopy

Format

PC

Intentions

Aero