Strutted (Medium) | Hack The Box

Products

Solutions for

Teams

Schools

Individuals

Products we offer

Courses & Certifications

Cyber Ranges

Enterprise Attack Simulations

Gamified Team Assessments

Workforce Exercises
new

Talent Sourcing

View all products for teams

Academy for Business

Build cybersecurity talent from within.

An interactive and guided skills development platform for corporate teams
looking to master offensive, defensive, and general security domains.

Read more

Start a free trial

Dedicated Labs

Deal with the latest attacks and cyber threats!

Ensure learning retention with hands-on skills development through a
growing collection of real-world scenarios in a dedicated team environment.

Read more

Start a free trial

Professional Labs

Assess an organization's security posture.

Assess and certify your team's skills and problem-solving abilities
with complex, realistic corporate scenarios.

Enterprise Labs

Cloud Labs

Get a demo

Capture The Flag

Where is your organization standing?

Benchmark your team capability and analyze skill gaps with engaging
competitions featuring market-leading cybersecurity content.

Host your private CTF

Get a demo

Crisis Control

AI-powered tabletops for executive and cyber teams

We are redefining traditional TTXs to fully measure and develop
organizational crisis readiness. See how your staff reacts under pressure
and protect the pivotal assets in your organization.

Book a call

Read more

Talent Search

Recruit and develop your next team member!

Source future talent directly from our 2.5M community of skilled
individuals and develop clear career paths.

Read more

Get a demo

Products we offer

Courses & Learning Paths

Hands-on Labs

Gamified Team Exercises

Industry Certifications

Programs

Student programs

Teacher programs

View all products for schools

HTB Academy

Start your cybersecurity journey.

From comprehensive beginner-level to advanced online courses covering
offensive, defensive, or general security domains.

Get a demo

Dedicated Labs

Deal with the latest attacks and cyber threats!

Ensure learning retention with hands-on skills development through a
growing collection of real-world scenarios in a dedicated classroom
environment.

Get a demo

Capture The Flag

Where is your classroom standing?

Benchmark your classroom capability and analyze skill gaps with
engaging competitions featuring market-leading cybersecurity content.

Host your private CTF

Industry Certifications

Create market-ready cybersecurity professionals.

Bridge the gap between education and the dynamic job market with
industry recognized certifications.

Get a demo

Student Programs

Student subscription.

Unlock 40+ courses on HTB Academy for $8/month. Kickstart your
cyber career from the fundamentals.

Start now

Teacher Programs

Classroom plans.

Access exclusive business features and training service by bringing HTB
to your classroom.

Get a demo

Products we offer

Courses & Learning Paths

Hands-on Labs

Gamified Hacking Events

Job Board
11+ jobs available

Industry Certifications

View all products for individuals

HTB Academy

Start your cybersecurity journey.

From comprehensive beginner-level to advanced online courses
covering offensive, defensive, or general security domains.

Get started for free

HTB Labs

Where real hackers level up!

An ever-expanding pool of labs with new scenarios released every week.

Hacking Labs

Defensive Labs

Red Teams Labs

Join now

Capture The Flag

Looking for a real gamified hacking experience?

Measure your skills in dynamic cybersecurity competitions.

HTB Seasons

Hacking Battlegrounds

Join a CTF event

Job Board

Land your first job in cyber.

Recruiters from the best companies worldwide are hiring through
Hack The Box.

Apply now

Industry Certifications

Become a market-ready cybersecurity professional.

Skyrocket your resume and land your dream job with industry recognized
certifications.

Start now
Solutions

Job Roles

Red Teams

Blue Teams

Purple Teams

Industries

Government

Finance

Manufacturing

Healthcare

Consulting

Use Cases

Technical onboarding and talent retention

Team capabilities benchmarking and gap analysis

Internal and external candidate assessment

Emerging threats and tactic response preparation

Code vulnerability and risk mitigation

Governance and compliance

Real-time breach and crisis simulation

Customer Stories

Toyota & Hack The Box: bridge the
knowledge gap between security and cloud.

View all customer stories
Pricing
Resources

Resource Hub

Educational resources for hackers, schools and teams.

Explore all resources

Discord Server

Join over 250K hackers interacting and learning.

Hang out

Community

Upcoming Events

Meetups

Affiliate Program

SME Program

Ambassador Program

Parrot OS

Get Help

Help Center

Contact Support

From the Blog

High-profile cyberattacks dent CISOs’ crisis confidence, sparking surge in 2025 crisis simulation budgets

Read more articles

Industry Reports

New release: 2024 Cyber Attack Readiness Report 💥

We threw 58 enterprise-grade security challenges at 943 corporate
teams and 4,944 security professionals from different industries. Here's
what we learned based on their performance and future security trends.

Download your guide
Company

Company

About us

Careers

Social Impact

Brand Guidelines

Certificate Validation

Legal

Contact us

Press

Partners

Enterprise Sales

Connect

LinkedIn

X

Youtube

Facebook

Why Hack The Box?

Work @ Hack The Box

Join our mission to create a safer cyber world by making cybersecurity
training fun and accessible to everyone. No boundaries, no limitations.

View open jobs

Featured News

Access specialized courses with the HTB Academy Gold annual plan.

Read more news

Store

HTB Swag

Buy Gift Cards

Business

Start free trial

Our all-in-one cyber readiness platform free for 14 days

Get a demo

Get in touch with our team of experts for a tailored solution

Strutted 644

RETIRED MACHINE

Strutted

Strutted - Linux

Linux

Strutted - Medium

Medium

4.6

MACHINE RATING

205

USER OWNS

202

SYSTEM OWNS

23/01/2025

RELEASED

Created by TheCyberGeek & 7u9y

Machine Synopsis

`Strutted` is an medium-difficulty Linux machine featuring a website for a company offering image hosting solutions. The website provides a Docker container with the version of Apache Struts that is vulnerable to `[CVE-2024-53677](https://nvd.nist.gov/vuln/detail/CVE-2024-53677)`, which is leveraged to gain a foothold on the system. Further enumeration reveals the `tomcat-users.xml` file with a plaintext password used to authenticate as `james`. For privilege escalation, we abuse `tcpdump` while being used with `sudo` to create a copy of the `bash` binary with the `SUID` bit set, allowing us to gain a `root` shell.

Machine Matrix

Ready to start your
hacking journey?

Join Now