id0xa.hashnode.devHackTheBox - Command Injections - Skills Assessment WalkthroughScenario You are contracted to perform a penetration test for a company, and through your pentest, you stumble upon an interesting file manager web application. As file managers tend to execute system commands, you are interested in testing for comma...Jul 25, 2025·2 min read
id0xa.hashnode.devHackTheBox - Broken Authentication - Skills Assessment WalkthroughScenario You are tasked to perform a security assessment of a client's web application. For the assessment, the client has not provided you with credentials. Apply what you have learned in this module to obtain the flag. Walkthrough Navigate to the t...Jul 24, 2025·3 min read
id0xa.hashnode.devHackTheBox - Web Service & API Attacks - Skills Assessment WalkthroughScenario Our client tasks us with assessing a SOAP web service whose WSDL file resides at http://<TARGET IP>:3002/wsdl?wsdl. Assess the target, identify an SQL Injection vulnerability through SOAP messages and answer the question below. Submit the pa...Jul 24, 2025·3 min read
id0xa.hashnode.devHackTheBox - Login Brute Forcing - Skills Assessment WalkthroughScenario - Part 1 The first part of the skills assessment will require you to brute-force the the target instance. Successfully finding the correct login will provide you with the username you will need to start Skills Assessment Part 2. You might fi...Jul 21, 2025·3 min read
id0xa.hashnode.devHackTheBox - Information Gathering - Web Edition - Skills Assessment WalkthroughScenario To complete the skills assessment, answer the questions below. You will need to apply a variety of skills learned in this module, including: Using whois Analysing robots.txt Performing subdomain bruteforcing Crawling and analysing result...Jul 21, 2025·3 min read
