Crafty (Easy) Box Overall a very fun box. Crafty is a retired box that explores a Log4j vulnerability present in a 1.16.16 Minecraft Server. Initial Foothold Reading the description, the box has a pre-auth Log4j vulnerability. But before going into that, we should scan the ports. sudo nmap …

Sneaky (Medium) Box Sneaky is a retired box focusing on IPv6 connections and buffer overflow vulnerabilities. Initial Foothold Enumerating through the box, we see there is an HTTP server available. Let’s fuzz this and see if we can find anything. After fuzzing, we see that there is a /dev page …

Beep (Easy) Write-Up - HTB Beep is a retired machine released back in 2017. Upon preview, the description doesn’t really give us a lot. Initial Foothold We can enumerate through the website using a tool like ffuf or gobuster. Using either, we’re able to map out the website. At face value …