Skip to content

Sorcery - Hack The Box

Sorcery Pwned

wanna go deeper? unlock short videos & early root chains by joining backdoor crew

πŸ’€ join the backdoor crew

🚩 This is an exclusive writeup.
The full detailed walkthrough for the Sorcery (Insane) box will only be shared on Telegram.

πŸ‘‰ Join my Telegram channel to get exclusive access!

Overview

Machine Name: Sorcery
OS: Linux
Difficulty: Insane

Skills Covered:

  • Advanced Web Enumeration
  • NoSQL/GraphQL Injection
  • Server-Side Request Forgery (SSRF)
  • DNS Manipulation
  • Phishing & MITM Attacks
  • Advanced Linux Privilege Escalation (Docker & IPA)

πŸ” Hints

  • Initial Foothold:
    Explore the web carefully. Sometimes, databases speak a different language (GraphQL/Cypher injection).

  • Privilege Escalation:
    Containers and internal services can reveal secrets. Watch closely what traffic you can manipulate (SSRF to internal Kafka broker).

Writeup Access

⚠️ Exclusive Content!
The complete step-by-step guide, PoCs, payloads, and full exploitation path will not be publicly available here.

πŸ” Access the full writeup on Telegram β†’