• Search for:

    Yearly Archives: 2025

    1. Home  - 
    2. 2025
      3. ( Page4 )
    31 May, 2025
    Hack The Box: Checker Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , , , ,

    Successfully exploited CVE-2023-1545 in Teampass to extract user credentials and leveraged CVE-2023-6199 in BookStack to obtain an OTP, gaining user-level access on the Checker machine. Privilege escalation was achieved by exploiting a sudo script interacting with shared memory, setting the SUID bit on /bin/bash to capture the root flag. A great example of combining application vulnerabilities with creative privilege escalation techniques!

    #Cybersecurity #EthicalHacking #HackTheBox #PenetrationTesting #InfoSec #VulnerabilityResearch #PrivilegeEscalation #CTF #SecurityResearch …

    Learn MoreHack The Box: Checker Machine Walkthrough – Hard Difficulty

    24 May, 2025
    Hack The Box: EscapeTwo Machine Walkthrough – Easy Difficulty
    Easy Machine , , , , , , , , , , , , ,

    🔒 My Write-Up for the EscapeTwo Machine on Hack The Box 🔍

    I’m excited to share my detailed write-up for solving the beginner-friendly “EscapeTwo” machine on Hack The Box, showcasing skills in network enumeration and privilege escalation. First, to capture the user flag, I scanned for open ports, accessed SMB shares, uncovered a password, and leveraged the Ryan account’s elevated permissions to retrieve the flag remotely. Next, for the root flag, I escalated privileges by exploiting an Active Directory misconfiguration. Then, using the Ryan account, I employed tools to identify and modify permissions, thereby gaining control over a privileged account. With this control, I acquired a certificate, subsequently authenticated as an administrator, and finally captured the root flag. This challenge strengthened my expertise in Active Directory security and penetration testing. Check out the full write-up for a deep dive!

    #Cybersecurity #HackTheBox #EthicalHacking #PenetrationTesting #ActiveDirectory …

    Learn MoreHack The Box: EscapeTwo Machine Walkthrough – Easy Difficulty

    17 May, 2025
    Hack The Box: Heal Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , , , ,

    Writeup Summary: Heal (Hack The Box)

    This box involved thorough enumeration that uncovered multiple subdomains, including a Ruby on Rails API. Initial access was gained by chaining a Local File Inclusion vulnerability with password cracking and exploiting a LimeSurvey plugin upload vulnerability. Privilege escalation was achieved by identifying and exploiting an exposed Consul service accessible through SSH port forwarding.

    This challenge showcased key red teaming skills: web application exploitation, misconfiguration abuse, credential harvesting, and lateral movement.

    #HackTheBox #CyberSecurity #RedTeam #PrivilegeEscalation #BugBounty #WebSecurity #Infosec #CTF #HTB #OffensiveSecurity #LinuxExploitation …

    Learn MoreHack The Box: Heal Machine Walkthrough – Medium Difficulty

    10 May, 2025
    Hack The Box: Underpass Machine Walkthrough – Easy Difficulty
    Easy Machine , , , , , , , , ,

    Successfully completed the “Underpass” machine on Hack The Box! For the user flag, I enumerated SNMP to discover a Daloradius instance, logged in with default credentials, cracked an MD5-hashed password for the svcMosh account, and used SSH to access the user flag in its home directory. To capture the root flag, I escalated privileges by exploiting sudo permissions on mosh-server, obtaining a session key and port to establish a root session and retrieve the flag from /root/root.txt.

    #Cybersecurity #HackTheBox #CaptureTheFlag #PenetrationTesting #LinuxSecurity #PrivilegeEscalation #SNMP #Daloradius #EthicalHacking #InformationSecurity …

    Learn MoreHack The Box: Underpass Machine Walkthrough – Easy Difficulty

    3 May, 2025
    HackTheBox – BigBang Machine Walkthrough (Hard Difficulty)
    Hard Machine , , , , , , , , , , , , , , , , , , , , ,

    Chained exploitation through misconfigured web app and internal services. We started by exploiting a WordPress plugin vulnerability (CVE-2023-26326) to upload files, followed by a file read vulnerability (CVE-2024-2961) for remote code execution. From there, we cracked the database credentials, gained SSH access as the shawking user, and leveraged a vulnerable API endpoint to escalate to root. This highlights how overlooked configurations and service misconfigurations can lead to a full server compromise.

    #CTF #PrivilegeEscalation #WebSecurity #CommandInjection #SSH #WordPress #LinuxPentesting #BugBounty #HackTheBox #RedTeam #CyberSecurity …

    Learn MoreHackTheBox – BigBang Machine Walkthrough (Hard Difficulty)

    26 Apr, 2025
    Hack The Box: Vintage Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , , , ,

    Recently completed an Active Directory penetration test where I obtained both the user and root flags through a series of Kerberos and privilege escalation attacks. I first exploited a weak password on a legacy computer account (fs01$) to retrieve a Kerberos TGT and extract the gMSA password. After reactivating a disabled service account (svc_sql), making it ASREPRoastable, and cracking its hash, I gained credentials for another domain user and authenticated via Evil-WinRM to capture the user flag. For the root flag, I decrypted DPAPI-protected secrets to access a higher-privileged account (c.neri_adm), added a compromised service account to a privileged group, assigned an SPN, and performed a Kerberos delegation attack to impersonate a domain admin, ultimately achieving SYSTEM-level access and capturing the root flag. Great experience applying Kerberos exploitation techniques and privilege escalation strategies in a real-world scenario!

    hashtag#ActiveDirectory hashtag#PenetrationTesting hashtag#Kerberos hashtag#OffensiveSecurity hashtag#RedTeam hashtag#CyberSecurity hashtag#ASREPRoasting hashtag#DPAPI hashtag#PrivilegeEscalation hashtag#HackTheBox hashtag#Infosec hashtag#HacktheBox …

    Learn MoreHack The Box: Vintage Machine Walkthrough – Hard Difficulty

    19 Apr, 2025
    Hack The Box: Administrator Walkthrough Medium Difficulty
    Medium Machine , , , , , , , , , ,

    Chained privilege escalation on an AD environment via misconfigured permissions — no CVEs, just clever abuse of default rights. From Olivia to Emily to Ethan, we pivoted through user relationships using BloodHound, CrackMapExec, Kerberoasting, and WinRM access. Highlighting how overlooked configurations can lead to full domain compromise.

    #ActiveDirectory #PrivilegeEscalation #BloodHound #Kerberoasting #HackTheBox #RedTeam #CyberSecurity #WindowsPentest …

    Learn MoreHack The Box: Administrator Walkthrough Medium Difficulty

    12 Apr, 2025
    Hack The Box: LinkVortex Machine Walkthrough Easy Difficulty
    Easy Machine , , , , , , , , , ,

    Successfully demonstrated advanced cybersecurity skills by exploiting a Ghost CMS vulnerability (CVE-2023-40028) to access sensitive credentials and secure the user flag. Identified and leveraged a sudo misconfiguration with the CHECK_CONTENT variable to escalate privileges and retrieve the root flag from /root/root.txt. Thrived in this hands-on challenge, sharpening penetration testing expertise! #HackTheBox #Cybersecurity #EthicalHacking #PenetrationTesting #CTF …

    Learn MoreHack The Box: LinkVortex Machine Walkthrough Easy Difficulty

    5 Apr, 2025
    Hack The Box: Ghost Machine Walkthrough – Insane Difficulty
    Insane Machine , , , , , , , , , , , , , , , , , , , , , , ,

    The initial foothold was gained by exploiting command injection on intranet.ghost.htb:8008/api-dev/scan/, which provided a reverse shell inside a Docker container. From there, I enumerated the environment and discovered credentials that allowed SSH access as Florence Ramirez. By extracting and converting a Kerberos ticket, I authenticated as a legitimate user, escalating access within the system. With access to the Windows environment, I retrieved NTLM hashes for the adfs_gmsa account and leveraged evil-winrm for lateral movement. A reverse shell was established using JokerShell, and privileges were escalated by enabling xp_cmdshell through a debug interface. After uploading EfsPotato.cs and disabling antivirus, I used Mimikatz and Rubeus.exe to dump credentials, ultimately achieving SYSTEM access. This led to the extraction of domain admin credentials and the retrieval of the root flag. Another Insane box down! 💀💻

    #HackTheBox #RedTeam #CyberSecurity #PenTesting #PrivilegeEscalation #EthicalHacking …

    Learn MoreHack The Box: Ghost Machine Walkthrough – Insane Difficulty

    29 Mar, 2025
    Hack The Box: BlockBlock Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , , , ,

    This walkthrough examines the BlockBlock machine from Hack The Box, classified as a medium-difficulty challenge. The assessment began with the exploitation of an XSS vulnerability, which facilitated credential theft through the Ethereum JSON-RPC API, granting SSH access. Privilege escalation was achieved by leveraging the forge binary to obtain higher privileges, followed by exploiting a misconfigured pacman package manager to gain root access. This engagement underscores the critical importance of securing APIs, implementing robust input validation, and enforcing strict privilege escalation controls to mitigate security risks.

    #HackTheBox #CyberSecurity #PenetrationTesting #CTF #EthicalHacking #XSS #PrivilegeEscalation #BlockchainSecurity …

    Learn MoreHack The Box: BlockBlock Machine Walkthrough – Hard Difficulty