Easy Machine

Hack The Box: EscapeTwo Machine Walkthrough – Easy Difficulty

🔒 My Write-Up for the EscapeTwo Machine on Hack The Box 🔍

I’m excited to share my detailed write-up for solving the beginner-friendly “EscapeTwo” machine on Hack The Box, showcasing skills in network enumeration and privilege escalation. First, to capture the user flag, I scanned for open ports, accessed SMB shares, uncovered a password, and leveraged the Ryan account’s elevated permissions to retrieve the flag remotely. Next, for the root flag, I escalated privileges by exploiting an Active Directory misconfiguration. Then, using the Ryan account, I employed tools to identify and modify permissions, thereby gaining control over a privileged account. With this control, I acquired a certificate, subsequently authenticated as an administrator, and finally captured the root flag. This challenge strengthened my expertise in Active Directory security and penetration testing. Check out the full write-up for a deep dive!

#Cybersecurity #HackTheBox #EthicalHacking #PenetrationTesting #ActiveDirectory

Hack The Box: Underpass Machine Walkthrough – Easy Difficulty

Successfully completed the “Underpass” machine on Hack The Box! For the user flag, I enumerated SNMP to discover a Daloradius instance, logged in with default credentials, cracked an MD5-hashed password for the svcMosh account, and used SSH to access the user flag in its home directory. To capture the root flag, I escalated privileges by exploiting sudo permissions on mosh-server, obtaining a session key and port to establish a root session and retrieve the flag from /root/root.txt.

#Cybersecurity #HackTheBox #CaptureTheFlag #PenetrationTesting #LinuxSecurity #PrivilegeEscalation #SNMP #Daloradius #EthicalHacking #InformationSecurity

Hack The Box: LinkVortex Machine Walkthrough – Easy Difficulty

Successfully demonstrated advanced cybersecurity skills by exploiting a Ghost CMS vulnerability (CVE-2023-40028) to access sensitive credentials and secure the user flag. Identified and leveraged a sudo misconfiguration with the CHECK_CONTENT variable to escalate privileges and retrieve the root flag from /root/root.txt. Thrived in this hands-on challenge, sharpening penetration testing expertise!

#HackTheBox #Cybersecurity #EthicalHacking #PenetrationTesting #CTF

Hack The Box: Alert Machine Walkthrough – Easy Difficulty

We discovered an XSS vulnerability in .md file uploads and the Contacts tab. By embedding an XSS payload and sharing the link, we extracted data from messages.php, revealing a file parameter vulnerable to LFI. This led us to /var/www/statistics.alert.htb/.htpasswd, which contained a hashed password. Using hashid, we identified it as MD5 (APR1-MD5) and cracked it with Hashcat, retrieving the password ManchesterUnited. With these credentials, we accessed the system and captured the user flag.

After logging into statistics.alert.htb, we found port 8080 open. Using SSH port forwarding, we accessed a monitoring site but needed to locate its directory. Checking ps aux, we found it in /opt/website-monitor. We confirmed file access by testing a basic PHP file, which worked. We then uploaded a PentestMonkey reverse shell, but it didn’t execute. To ensure success, we crafted a reliable PHP shell, triggered it, and gained root access.

🔍 #CyberSecurity #BugBounty #EthicalHacking #PenTesting #CTF #HTB #WebSecurity #XSS #LFI #PrivilegeEscalation #Hacking

Hack The Box: Chemistry Machine Walkthrough – Easy Difficulty

A vulnerability in **Pymatgen (CVE-2024-23346)** allowed for **Remote Code Execution (RCE)** through a **malicious CIF file**. Code was injected into the **_space_group_magn.transform_BNS_Pp_abc** field and the file was uploaded to the dashboard; the upload alone did nothing, but clicking the **View button** triggered execution, leading to a **reverse shell**. With remote access secured, an **SQLite3 database** was explored, revealing **password hashes**, which were cracked to obtain valid credentials and retrieve the **user flag**.

Further exploration uncovered an **aiohttp/3.9.1** service running on **port 8080**, restricting access to the **assets directory** with a **403 Forbidden** response. Leveraging an **LFI attack**, an **SSH key** was extracted, allowing for **privilege escalation** and access to the **root flag**.

This scenario highlights the importance of **sanitizing file uploads, restricting directory access, and keeping dependencies updated** to mitigate security risks.

#CyberSecurity #BugBounty #EthicalHacking #PrivilegeEscalation #RedTeam #WebSecurity #InfoSec #CTF