reading list
June 23rd, 2026 HTB
A curated list of write-ups and blogs covering the Hack The Box machines released on June 23rd, 2026, including featured challenges from the HTB Business CTF.
4 articles

HTB: GhostLink
GhostLink is a Windows machine rated Hard that covers MQTT topic abuse, NTLM relay to HTTP, LFI via path traversal, KeePass extraction, Gogs CVE-2025-8110 symlink RCE, ESC8, ESC11

HTB: FireFlow
Fireflow is a Linux machine rated Medium that covers Langflow unauthenticated RCE, JWT alg none forgery, MCP tool registry abuse, Kubernetes service account enumeration, kubelet exec API exploitation

HTB: Nexus
Nexus is a Linux machine rated Easy that covers Krayin CRM authenticated RCE, git credential leakage, TinyMCE arbitrary file upload, Gitea API abuse, git tree path traversal privilege escalation

HTB: Orion
Orion is a Linux machine rated Easy that covers CraftCMS unauthenticated RCE, MySQL credential dumping, bcrypt hash cracking, GNU inetutils telnet privilege escalation