HackPath

Master the Art of Penetration Testing

Your Guide Through Every Challenge

Comprehensive walkthroughs, detailed explanations, and practical insights for CTF challenges across multiple platforms. Level up your cybersecurity skills one machine at a time.

Explore Walkthroughs → Read Articles

Everything You Need to Succeed

Designed with both beginners and advanced practitioners in mind

Detailed Walkthroughs

Step-by-step guides with commands, screenshots, and comprehensive explanations for every challenge.

Active Machine Protection

Spoiler protection for active CTF challenges with smart lock system during competition periods.

Smart Search & Filters

Find walkthroughs by platform, difficulty, tags, or search terms to quickly locate what you need.

Recent Walkthroughs

Latest challenges solved and documented

View All →

HackTheBox Medium

Jeeves - HackTheBox

Medium-difficulty Windows box featuring unauthenticated Jenkins exploitation via Groovy Script Console, followed by SeImpersonatePrivilege abuse with JuicyPotato for privilege escalation. Root flag hidden in NTFS Alternate Data Streams.

#Alternate Data Streams #Jenkins #Juicy-Potato

Jan 18, 2026 Read more →

HackTheBox Easy

Fluffy - HackTheBox

Easy-difficulty Windows Active Directory box featuring CVE-2025-24071 SMB coercion for initial access, Shadow Credentials attacks via GenericWrite abuse for lateral movement, and ADCS ESC16 exploitation for privilege escalation to Domain Admin.

#Active Directory #BloodHound #CVE-2025-24071

Jan 16, 2026 Read more →

TryHackMe Medium

Mindgames - TryHackMe

Medium-difficulty Linux box featuring RCE through Brainfuck-encoded Python execution, followed by automated enumeration and privilege escalation via CVE-2021-4034 (PwnKit).

#Brainfuck #Linux #PwnKit

Jan 09, 2026 Read more →

TryHackMe Medium

Safezone - TryHackMe

Medium Linux CTF combining Apache log poisoning, authentication bruteforcing, command injection filter bypass, and creative sudo exploitation. Multiple privilege escalation paths from web to root.

#Command Injection #Linux #Log Poisoning

Dec 20, 2025 Read more →

HackTheBox Medium Locked

Imagery - HackTheBox

A medium-rated Linux machine, designed to provide hands-on experience with specific web application vulnerabilities(XSS, LFI, OS command Injection) and privilege escalation techniques.

#Linux #Web

Dec 18, 2025 Read more →

Multi-Platform Coverage

Walkthroughs from the most popular CTF platforms

HackTheBox

3 walkthroughs

TryHackMe

2 walkthroughs

Ready to Level Up Your Skills?

Start exploring comprehensive walkthroughs and master the techniques used by professionals.

Start Learning Now