Sorted by HTB Difficulty Rating & Order
- ScriptKiddie: Metasploit APK Template Command Injection, sh -c Command Execution (TO REVIEW OFFICIAL WALKTHROUGH)
- Delivery: Credentials through Bad Email Configuration, Privilege Escalation using HashCat (TO REVIEW OFFICIAL WALKTHROUGH)
- Love: (TO REVIEW OFFICIAL WALKTHROUGH)
- Lame: Port 445 Netbios Samba Username Map Script Command Execution
- Legacy: MS08_067 NetAPI Remote Code Execution Vulnerability
- Devel: ASPX Reverse Shell (IIS) through FTP Upload
- Beep: Port 443 VTigerCRM (Elastix) Local File Inclusion LFI Exploit, SSH through Credential Reuse
- Optimum: Port 80 HFS 2.3 Remote Code Execution
- Arctic: Port 8500 FMTP Adobe ColdFusion 8 Directory Traversal, JSP Reverse Shell through Task Scheduler
- Grandpa: Port 80 Microsoft IIS WebDav ScStoragePathFromUrl Overflow
- Granny: Port 80 Microsoft IIS WebDav ScStoragePathFromUrl Overflow
- Bank: Port 80 Unencrypted Credentials discovered through GoBuster, SUID Privilege Escalation
- Blocky: Port 80 Credentials discovered through GoBuster, SSH through Credential Reuse
- Blue: MS17_010 EternalBlue
- Mirai: Port 22 SSH with Default Password, Root Flag in USB Device
- Shocker: Port 80 Shellshock Vulnerability
- Sense: