• Search for:

    Category Archives: Easy Machine

    1. Home  - Challenges HackTheBox
    2. Archive by category "Easy Machine"
    11 Apr, 2026
    Hack The Box: Eighteen Machine Walkthrough – Easy Difficulity
    Easy Machine , , , , , , , , , , ,

    Just completed the Eighteen machine on Hack The Box — a great example of chaining multiple techniques from initial access to full domain compromise.

    Gained initial foothold by cracking WinRM credentials (adam.scott / iloveyou1) and accessing the system via Evil-WinRM. From there, escalated privileges by abusing Delegated Managed Service Accounts (DMSA) using BadSuccessor, allowing impersonation of the Administrator.

    Set up a Ligolo-ng tunnel to reach the domain controller, leveraged Kerberos ticket abuse with Impacket, and successfully dumped NTDS secrets. This led to extracting the Administrator NTLM hash and achieving full system compromise via Pass-the-Hash.

    A solid walkthrough covering credential abuse, AD misconfigurations, Kerberos attacks, and pivoting techniques.

    #HackTheBox #CyberSecurity #RedTeam #PenetrationTesting #ActiveDirectory #Kerberos #PrivilegeEscalation #EthicalHacking #Infosec #OffensiveSecurity …

    Learn MoreHack The Box: Eighteen Machine Walkthrough – Easy Difficulity

    7 Mar, 2026
    Hack The Box: Expressway Machine – Easy Difficulity
    Easy Machine , , , , , , , , , ,

    Just completed Expressway on Hack The Box (Easy difficulty) – a solid box that blends weak IKE PSK cracking with a straightforward sudo privilege escalation!
    Enumeration started with UDP scanning, which revealed ISAKMP on port 500. I ran ike-scan in Aggressive Mode to leak the peer identity ike@expressway.htb and capture crackable parameters. Next I used psk-crack against rockyou.txt and recovered the PSK freakingrockstarontheroad in under 13 seconds. I logged in via SSH as ike using that password and quickly grabbed user.txt.

    For privilege escalation, sudo -l confirmed no rights for the ike user. Checking sudo -V showed version 1.9.17 vulnerable to CVE-2025-32463 (chwoot). I cloned the PoC repository on my attack machine, hosted sudo-chwoot.sh with a Python HTTP server, transferred it to the target using curl, made it executable, and ran it. The script printed “woot!” and dropped an instant root shell. From there I read root.txt.
    Nice and clean chain: weak PSK for initial access followed by a known sudo vulnerability for root. Perfect easy box to sharpen IKE enumeration and Linux local exploitation skills.

    #HackTheBox #CTF #PenetrationTesting #Cybersecurity #EthicalHacking #IKE #PSKCracking #PrivilegeEscalation #LinuxExploitation #CVE202532463 #RedTeam …

    Learn MoreHack The Box: Expressway Machine – Easy Difficulity

    14 Feb, 2026
    Hack The Box: Soulmate machine walkthrough – Easy Difficulitty
    Easy Machine , , , , , , , , ,

    Just completed the Soulmate machine on Hack The Box — rated Easy, but packed with a satisfying vuln chain!
    Started with subdomain enumeration → discovered an exposed CrushFTP admin panel on ftp.soulmate.htb. Exploited an unauthenticated API flaw (CVE-2025-31161 style) in the /WebInterface/function/ endpoint to enumerate users and create a backdoor admin account. From there, abused broken access controls in User Manager to reset the “ben” account password. Logged in as “ben” → gained VFS access to /webProd (the main web root), uploaded a PHP webshell → got RCE as www-data with a reverse shell.
    Credential reuse let me su ben and grab user.txt

    Root came via a backdoored Erlang SSH daemon on localhost:2222 (hardcoded always-true auth, running as root) → trivial escalation to root Eshell and root.txt

    Key takeaways: exposed admin panels are goldmines, weak API auth leads to quick takeovers, credential reuse is still everywhere, and custom services with backdoors can hand you root on a platter.
    Loved the progression from web misconfig → file write → RCE → local privesc. Solid learning box!

    #HackTheBox #HTB #CyberSecurity #PenetrationTesting #CTF #PrivilegeEscalation #RCE #BugBounty #RedTeam …

    Learn MoreHack The Box: Soulmate machine walkthrough – Easy Difficulitty

    31 Jan, 2026
    Hack The Box: CodePartTwo Machine Walkthrough – Easy Diffculty
    Easy Machine , , , , , , , , , ,

    Just finished CodePartTwo on Hack The Box — a fun Easy-rated Linux box that taught me a lot!

    Initial access came via a js2py sandbox escape in their online JavaScript code editor (CVE-2024-28397 style prototype chain abuse) → reverse shell as ‘app’.
    Post-exploitation: found users.db in /app/instance → quick Python HTTP server exfil → local sqlite3 dump → two MD5 hashes. CrackStation instantly revealed marco’s password (sweetangelbabylove).
    Lateral move: SSH as marco → user.txt claimed.

    Privesc: sudo -l gave NOPASSWD /usr/local/bin/npbackup-cli. After inspecting npbackup.conf (stdin_from_command hint), I used –external-backend-binary to point to my malicious reverse shell script → root shell → root.txt captured.

    Loved how it combined modern sandbox escape with classic sudo misconfig abuse. Solid box for anyone practicing foothold → lateral → root paths.

    #HackTheBox #CTF #PenetrationTesting #Cybersecurity #PrivilegeEscalation #SandboxEscape #LinuxPrivilegeEscalation #RedTeamOps #BugBountyHunter #EthicalHacking …

    Learn MoreHack The Box: CodePartTwo Machine Walkthrough – Easy Diffculty

    6 Dec, 2025
    Hack The Box: Editor Machine Walkthrugh – Easy Difficulity
    Easy Machine , , , , , , , , ,

    User access was achieved by enumerating an XWiki instance running on port 8080, identifying its vulnerable version, and exploiting an unauthenticated RCE in the Solr component (CVE-2025-24893). The foothold exposed plaintext database credentials in the XWiki configuration file, which were reused for the system user, allowing a successful SSH login as oliver.

    Root access came from a misconfigured Netdata installation. Several root-owned plugins were SUID and group-writable, and oliver belonged to the netdata group. Replacing the ndsudo plugin with a custom SUID payload allowed Netdata to execute it as root, granting full system compromise and the root flag.

    #HackTheBox #CyberSecurity #PenetrationTesting #PrivilegeEscalation #EthicalHacking #RedTeam #CTF #XWiki #CVE2025 #Netdata #LinuxSecurity …

    Learn MoreHack The Box: Editor Machine Walkthrugh – Easy Difficulity

    15 Nov, 2025
    Hack The Box: Outbound Machine Walkthrough – Easy Difficulity
    Easy Machine , , , , , , , , ,

    Successfully completed the Outbound HTB machine. Initial access was gained by exploiting CVE‑2025‑49113 in Roundcube 1.6.10 using Tyler’s credentials, which allowed remote code execution.

    Investigation of Roundcube’s configuration revealed database credentials, enabling decryption of Jacob’s session data and retrieval of his plaintext password. Using this, SSH access was obtained to capture the user flag.

    Privilege escalation was achieved via CVE‑2025‑27591 by exploiting a world-writable /var/log/below directory, allowing command execution as root and retrieval of the root flag. This walkthrough highlights the importance of secure configuration, patching, and proper permission management.

    #HackTheBox #CyberSecurity #PenTesting #EthicalHacking #VulnerabilityExploitation #Roundcube #PrivilegeEscalation #LinuxSecurity #CVE2025 …

    Learn MoreHack The Box: Outbound Machine Walkthrough – Easy Difficulity

    25 Oct, 2025
    Hack The Box: Artificial Machine Walkthrough – Easy Diffucilty
    Easy Machine , , , , , , , , , ,

    Hacking the “Artificial” Machine on Hack The Box!

    Conquered the “Artificial” machine on Hack The Box! 🕵️‍♂️ I scanned the target, identified a web server on port 80, and created an account to access its dashboard, where I uploaded a malicious .h5 file to trigger a reverse shell. Using a Docker environment, I gained a shell as the app user, found a SQLite database (users.db), and cracked its password hashes to reveal credentials for user “gael,” allowing me to grab the user flag via SSH from user.txt. For root, I discovered port 9898 running Backrest, forwarded it, and enumerated backup files, finding a bcrypt-hashed password in config.json. Decoding a base64 value yielded a plaintext password, granting access to the Backrest dashboard, where I exploited the RESTIC_PASSWORD_COMMAND to trigger a root shell and secure the root flag from root.txt.

    #Cybersecurity #HackTheBox #CTF #PenetrationTesting #PrivilegeEscalation …

    Learn MoreHack The Box: Artificial Machine Walkthrough – Easy Diffucilty

    20 Sep, 2025
    Hack The Box: Fluffy Machine Walkthrough – Easy Difficulity
    Easy Machine , , , , , , , , , , , ,

    Introduction to Fluffy: In this write-up, we will explore the “Fluffy” machine from Hack The Box, categorised as an easy difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Machine InformationIn

    Continue ReadingHack The Box: Fluffy Machine Walkthrough – Easy Difficulity

    13 Sep, 2025
    Hack The Box: Planning Machine Walkthrouh – Easy Diffucilty
    Easy Machine , , , , , , , , , , , , ,

    Introduction to Planning: In this write-up, we will explore the “Planning” machine from Hack The Box, categorised as an easy difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective: The

    Continue ReadingHack The Box: Planning Machine Walkthrouh – Easy Diffucilty

    16 Aug, 2025
    Hack The Box: Nocturnal Machine Walkthrough – Easy Difficulty
    Easy Machine , , , , , , , , , , ,

    Captured the user flag by exploiting a file upload feature, unpacking .odt files to reveal a hidden password with xmllint, and injecting a reverse shell via the backup feature to get a www-data shell. Retrieved hashes from the nocturnal_database, cracked Tobias’s password (slowmotionapocalypse), and obtained the user flag. For the root flag, enumerated open ports, found port 8080 running ISPConfig, accessed it with admin credentials, identified the version, executed a public exploit, and gained root shell to capture the root flag.

    #HTB #HackTheBox #CyberSecurity #RedTeam #CTF #PenTesting #Nocturnal #LinuxExploitation #WebExploitation #PrivilegeEscalation …

    Learn MoreHack The Box: Nocturnal Machine Walkthrough – Easy Difficulty