Skip to content

Sorcery - Hack The Box

Sorcery Pwned

🚩 This is an exclusive writeup.
The full detailed walkthrough for the Sorcery (Insane) box will only be shared on Telegram.

👉 Join my Telegram channel to get exclusive access!

Overview

Machine Name: Sorcery
OS: Linux
Difficulty: Insane

Skills Covered:

  • Advanced Web Enumeration
  • NoSQL/GraphQL Injection
  • Server-Side Request Forgery (SSRF)
  • DNS Manipulation
  • Phishing & MITM Attacks
  • Advanced Linux Privilege Escalation (Docker & IPA)

🔍 Hints

  • Initial Foothold:
    Explore the web carefully. Sometimes, databases speak a different language (GraphQL/Cypher injection).

  • Privilege Escalation:
    Containers and internal services can reveal secrets. Watch closely what traffic you can manipulate (SSRF to internal Kafka broker).

Writeup Access

⚠️ Exclusive Content!
The complete step-by-step guide, PoCs, payloads, and full exploitation path will not be publicly available here.

🔐 Access the full writeup on Telegram →

© 2025 NoSec. All rights reserved.