• Search for:

    Category Archives: Medium Machine

    1. Home  - Challenges HackTheBox
    2. Archive by category "Medium Machine"
    28 Mar, 2026
    Hack The Box: Browsed Machine Walkthrough – Medium Diffucility
    Medium Machine , , , , , , ,

    Completed the Browsed machine on Hack The Box 🚀

    Gained initial access by uploading a malicious Chrome extension with a reverse shell payload. Automated testing executed it, giving a foothold as larry and access to user flag.

    Escalated privileges by abusing a misconfigured sudo rule on extension_tool.py. A world-writable pycache directory allowed bytecode poisoning, leading to root access and full compromise.

    Great box for practicing client-side attacks, extension abuse, and privilege escalation via Python internals.

    #HackTheBox #CyberSecurity #EthicalHacking #PenetrationTesting #RedTeam #PrivilegeEscalation #WebSecurity #CTF …

    Learn MoreHack The Box: Browsed Machine Walkthrough – Medium Diffucility

    21 Mar, 2026
    Hack The Box: Conversor Machine Walkhtrough – Easy Difficulity
    Medium Machine , , , , , , , , , ,

    Successfully completed the Conversor machine on Hack The Box, focusing on web exploitation and privilege escalation techniques.

    For the user flag, initial access was gained by exploiting an insecure XSLT file upload feature. By leveraging EXSLT, I was able to write and execute a malicious script on the server, resulting in a reverse shell as a low-privileged user. Further enumeration uncovered a SQLite database containing hashed credentials, which were cracked to obtain valid SSH access and retrieve the user flag.

    For the root flag, privilege escalation was achieved through a misconfigured sudo permission allowing execution of needrestart. This was abused to run a crafted script that modified system binaries, ultimately granting root-level access via a SUID bash shell and completing the machine.

    #HackTheBox #CyberSecurity #EthicalHacking #PenetrationTesting #WebSecurity #PrivilegeEscalation #RedTeam #InfoSec #CaptureTheFlag #CTF …

    Learn MoreHack The Box: Conversor Machine Walkhtrough – Easy Difficulity

    14 Mar, 2026
    Hack The Box: Gavel Machine Walkthrough – Medium Difficulity
    Medium Machine , , , , , , , , , , , ,

    Completed the Gavel (Medium) machine on Hack The Box. The initial foothold came from an exposed .git directory that leaked the application’s source code and bcrypt password hashes. After cracking the credentials with John the Ripper, I gained access and achieved a reverse shell through command injection in the admin rule field. Reusing the cracked credentials allowed privilege escalation to the application user and retrieval of the user flag.

    Root access was obtained by abusing the gavel-util submission feature, which executed YAML rule fields using PHP system(). By overwriting the custom php.ini to remove restrictions and creating a SUID Bash binary, it was possible to spawn a root shell and capture the final flag.

    #HackTheBox #HTB #CyberSecurity #EthicalHacking #PenetrationTesting #RedTeam #LinuxSecurity #WebSecurity #PrivilegeEscalation #CTF …

    Learn MoreHack The Box: Gavel Machine Walkthrough – Medium Difficulity

    21 Feb, 2026
    Hack The Box: GiveBack machine walkthrough – Medium Difficulity
    Medium Machine , , , , , , , , , ,

    Just completed the Giveback machine on Hack The Box (Medium difficulty).
    Started with Nmap → WordPress + vulnerable GiveWP 3.14.0 (CVE-2024-5932 / CVE-2024-8353 PHP Object Injection) → unauthenticated RCE via donation form PoC → reverse shell as bitnami in a Bitnami Kubernetes pod.
    Pivoted using mounted K8s service account token → abused the API + exploited a vulnerable legacy PHP-CGI intranet service → broke out to the host as user babywyrm → grabbed user.txt.

    For root: passwordless sudo on custom /opt/debug binary → used dumped secret as admin password → crafted malicious OCI config.json → ran privileged container via runc breakout → read root.txt.
    Great chain: web vuln → container escape → K8s lateral → sudo abuse.
    Loved the real-world Kubernetes misconfig + runc wrapper elements.

    #HackTheBox #CTF #PenetrationTesting #KubernetesSecurity #ContainerEscape #RCE #PrivilegeEscalation #Cybersecurity …

    Learn MoreHack The Box: GiveBack machine walkthrough – Medium Difficulity

    7 Feb, 2026
    Hack The Box: Signed Machine Walkthrough – Medium Difficulity
    Medium Machine , , , , , , ,

    After escalating to a SYSTEM-level PowerShell reverse shell using xp_cmdshell and a base64-encoded payload that called back to my netcat listener on port 9007, I navigated to the user profile and read the user flag directly with type user.txt.

    With full sysadmin rights on the SQL instance as SIGNED\Administrator (thanks to a forged silver ticket with Domain Admins membership), I enabled xp_cmdshell, launched a reverse shell to land SYSTEM access, then grabbed the root flag from

    Box fully pwned — domain admin and SYSTEM in the bag!

    #HackTheBox #HTBSigned #PenetrationTesting #CyberSecurity #PrivilegeEscalation #ActiveDirectory #RedTeam #CTF #EthicalHacking #OffensiveSecurity …

    Learn MoreHack The Box: Signed Machine Walkthrough – Medium Difficulity

    24 Jan, 2026
    Hack The Box: Imagery Machine Walkthrough – Medium Difficulity
    Medium Machine , , , , , , , , , , , , ,

    Just completed the Imagery machine on Hack The Box (Medium). The challenge involved identifying weaknesses in a custom web application, analysing exposed application logic and data, and chaining these issues to move laterally within the system to gain user-level access. Further investigation highlighted how overlooked privilege boundaries and misconfigured trusted utilities can be abused to escalate privileges and obtain full administrative control.

    #HackTheBox #CyberSecurity #WebSecurity #EthicalHacking #PenetrationTesting #PrivilegeEscalation #CTF #InfoSec

    Learn MoreHack The Box: Imagery Machine Walkthrough – Medium Difficulity

    17 Jan, 2026
    Hack The Box: HackNet Machine Walkthrough – Medium Diffucility
    Medium Machine

    Just wrapped up HackNet (Medium difficulty, Hack The Box) — what a ride!
    Started with deep web enumeration and uncovered a template injection vulnerability in how dynamic content gets rendered. Crafted a payload, injected it into a user-controlled field, triggered the vulnerable path through a specific page interaction, and extracted sensitive account details that handed me valid SSH credentials as a low-priv user. From there, grabbing the user flag was a clean win.
    For privilege escalation, enumeration from the foothold revealed a misconfigured, world-writable file-based cache backend in the Django app. Knowing the framework’s caching behavior and a known deserialization weakness, I built a malicious payload, poisoned the cache location, and triggered RCE as the web user. Further digging exposed encrypted database backups secured by public-key crypto; I obtained the key, cracked its passphrase, decrypted the dumps, and recovered a high-priv credential that let me escalate to root and snag the root flag.

    #HackTheBox #Cybersecurity #WebExploitation #PrivEsc #PickleRCE #DjangoSecurity #CTF #PenetrationTesting #OffensiveSecurity #BugBounty …

    Learn MoreHack The Box: HackNet Machine Walkthrough – Medium Diffucility

    10 Jan, 2026
    Hack The Box: Previous Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , ,

    🎯 Just rooted the ‘Previous’ machine on Hack The Box!

    Started with a Next.js app exposing a path traversal bug in /api/download, leaked /etc/passwd → found user ‘jeremy’, then extracted the NextAuth provider code revealing credentials.

    Abused .terraformrc dev_overrides to load a malicious custom provider binary.
    Classic NextAuth misconfig + Terraform provider override chain. Loved the creativity!

    #HackTheBox #CTF #PrivilegeEscalation #PathTraversal #NextJS #Terraform #CyberSecurity #PenetrationTesting #BugBounty”

    Learn MoreHack The Box: Previous Machine Walkthrough – Medium Difficulty

    30 Nov, 2025
    Hack The Box: Era Machine Walkthrough – Medium Difficulity
    Medium Machine , , , , , , , , ,

    Compromising the Era HTB machine involved chaining multiple weaknesses across the web layer and system layer. Initial access was obtained through an IDOR flaw in a file-sharing platform, allowing unrestricted file retrieval by enumerating numeric IDs. Leaked backups exposed source code, plaintext credentials, and an SSH private key, enabling lateral movement as eric. Further analysis uncovered a root-executed integrity-check binary in a world-writable directory. By extracting its signature, injecting it into a backdoored replacement, and waiting for the cron job to trigger, privileged execution was achieved. A resulting callback delivered full root access and allowed retrieval of the final flag.

    #HTB #HackTheBox #CyberSecurity #Pentesting #WebSecurity #IDOR #PrivilegeEscalation #LinuxSecurity #RedTeam #CTF #InfoSec …

    Learn MoreHack The Box: Era Machine Walkthrough – Medium Difficulity

    1 Nov, 2025
    Hack The Box: Voleur Machinen Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , ,

    Cracked a password-protected Excel on an SMB share to recover service-account credentials, used Kerberos to access a user account and capture user.txt, then leveraged AD write permissions to restore a deleted admin, decrypt DPAPI artefacts for high‑priv creds, and access the DC to grab root.txt.

    #HackTheBox #ADSecurity #Kerberos #DPAPI #RedTeam #CTF

    Learn MoreHack The Box: Voleur Machinen Walkthrough – Medium Difficulty