Medium Machine Archives - Threatninja.net

16 May, 2026

Hack The Box: Pterodactyl Machine Walkthrough – Medium Difficulity

Medium Machine BurpSuite, Challenges, CVE-2025-49132, CVE-2025-6018, CVE-2025-6019, gobuster, HackTheBox, hashcat, Linux, mariadb, Penetration Testing, python3, ssh

Completed the Pterodactyl machine on Hack The Box, focusing on end-to-end exploitation.

The attack started with a path traversal vulnerability (CVE-2025-49132) in the Pterodactyl Panel, leading to unauthenticated RCE. This access allowed database extraction, credential recovery, and SSH access as a low-privileged user.

Privilege escalation was achieved through PAM environment variable poisoning (CVE-2025-6018), followed by a more stable root shell using a libblockdev/udisks race condition (CVE-2025-6019).

A solid exercise in chaining web exploitation with local privilege escalation techniques.

#HackTheBox #CyberSecurity #EthicalHacking #PenetrationTesting #RedTeam #CTF #Linux #PrivilegeEscalation #WebSecurity …

Learn MoreHack The Box: Pterodactyl Machine Walkthrough – Medium Difficulity

9 May, 2026

Hack The Box: Overwatch Machine Walkthrough- Medium Difficulity

Medium Machine Binary Exploitation, bloodyAD, Challenges, command injection, HackTheBox, MSSQL, NetExec, Penetration Testing, port forwarding, PowerView, responder, SMB & Kerberos Attacks, SOAP, Windows

Just completed “Overwatch” — Medium difficulty machine on Hack The Box! ✅

This Windows AD environment provided an excellent learning experience combining reconnaissance, service enumeration, and creative privilege escalation techniques.

After gaining initial access via a low-privileged service account and securing a stable WinRM shell, post-exploitation enumeration quickly led to the first flag on the user’s desktop.

For privilege escalation, I focused on an internally exposed service that contained a dangerous command injection vulnerability. By exploiting this flaw, I was able to create a new administrator account, elevate my privileges, and eventually compromise the Administrator user — granting full system control and allowing retrieval of the final flag.

Really enjoyed the logical flow and the clever abuse of internal services in this box!

#HackTheBox #HTB #PenetrationTesting #CyberSecurity #EthicalHacking #ActiveDirectory #PrivilegeEscalation #RedTeam #Infosec …

Learn MoreHack The Box: Overwatch Machine Walkthrough- Medium Difficulity

18 Apr, 2026

Hack The Box: Airtouch Mahcine Walkthrough – Medium Diffiiculty

Medium Machine aircrack-ng, AP, BurpSuite, Challenges, eaphammer, HackTheBox, Linux, Penetration Testing, port forwarding, ssh

Recently, I completed the “Airtouch” machine on Hack The Box (Medium difficulty), which provided a great hands-on experience in combining system exploitation with wireless attack techniques.

The challenge started with basic reconnaissance and service enumeration, leading to initial access via SSH as a low-privileged user. From there, misconfigured sudo permissions allowed quick privilege escalation on the host. What made this machine particularly interesting was its setup as a wireless attack platform, requiring interaction with a simulated corporate Wi-Fi environment.

By cracking a WPA2-PSK handshake and connecting to the internal network, I was able to pivot further, access an internal access point, and exploit an unrestricted file upload vulnerability to gain remote shell access. Additional enumeration revealed credentials that enabled lateral movement to a management server, ultimately leading to full root compromise.

Overall, this machine was a great reminder of how misconfigurations, weak credentials, and insecure file handling can chain together into a full system compromise—especially in complex environments involving internal networks and wireless infrastructure.

#HackTheBox #CyberSecurity #PenetrationTesting #RedTeam #EthicalHacking #CTF #Infosec #PrivilegeEscalation #NetworkSecurity …

Learn MoreHack The Box: Airtouch Mahcine Walkthrough – Medium Diffiiculty

28 Mar, 2026

Hack The Box: Browsed Machine Walkthrough – Medium Diffucility

Medium Machine Challenges, extension_tool.py, Gitea, HackTheBox, json, Linux, Penetration Testing, Python

Completed the Browsed machine on Hack The Box 🚀

Gained initial access by uploading a malicious Chrome extension with a reverse shell payload. Automated testing executed it, giving a foothold as larry and access to user flag.

Escalated privileges by abusing a misconfigured sudo rule on extension_tool.py. A world-writable pycache directory allowed bytecode poisoning, leading to root access and full compromise.

Great box for practicing client-side attacks, extension abuse, and privilege escalation via Python internals.

#HackTheBox #CyberSecurity #EthicalHacking #PenetrationTesting #RedTeam #PrivilegeEscalation #WebSecurity #CTF …

Learn MoreHack The Box: Browsed Machine Walkthrough – Medium Diffucility

21 Mar, 2026

Hack The Box: Conversor Machine Walkhtrough – Easy Difficulity

Medium Machine Challenges, HackTheBox, john the ripper, Linux, needrestart, Penetration Testing, python3, source code review, sqlite3, xml, xslt

Successfully completed the Conversor machine on Hack The Box, focusing on web exploitation and privilege escalation techniques.

For the user flag, initial access was gained by exploiting an insecure XSLT file upload feature. By leveraging EXSLT, I was able to write and execute a malicious script on the server, resulting in a reverse shell as a low-privileged user. Further enumeration uncovered a SQLite database containing hashed credentials, which were cracked to obtain valid SSH access and retrieve the user flag.

For the root flag, privilege escalation was achieved through a misconfigured sudo permission allowing execution of needrestart. This was abused to run a crafted script that modified system binaries, ultimately granting root-level access via a SUID bash shell and completing the machine.

#HackTheBox #CyberSecurity #EthicalHacking #PenetrationTesting #WebSecurity #PrivilegeEscalation #RedTeam #InfoSec #CaptureTheFlag #CTF …

Learn MoreHack The Box: Conversor Machine Walkhtrough – Easy Difficulity

14 Mar, 2026

Hack The Box: Gavel Machine Walkthrough – Medium Difficulity

Medium Machine BurpSuite, Challenges, curl, gavel-util, git-dumper, gobuster, HackTheBox, john, Linux, Penetration Testing, source code review, SQL Injection, ssh

Completed the Gavel (Medium) machine on Hack The Box. The initial foothold came from an exposed .git directory that leaked the application’s source code and bcrypt password hashes. After cracking the credentials with John the Ripper, I gained access and achieved a reverse shell through command injection in the admin rule field. Reusing the cracked credentials allowed privilege escalation to the application user and retrieval of the user flag.

Root access was obtained by abusing the gavel-util submission feature, which executed YAML rule fields using PHP system(). By overwriting the custom php.ini to remove restrictions and creating a SUID Bash binary, it was possible to spawn a root shell and capture the final flag.

#HackTheBox #HTB #CyberSecurity #EthicalHacking #PenetrationTesting #RedTeam #LinuxSecurity #WebSecurity #PrivilegeEscalation #CTF …

Learn MoreHack The Box: Gavel Machine Walkthrough – Medium Difficulity

21 Feb, 2026

Hack The Box: GiveBack machine walkthrough – Medium Difficulity

Medium Machine Challenges, container, cve-2024-8353, GiveWP, HackTheBox, json, Kubernetes, Linux, Penetration Testing, ssh, Wordpress

Just completed the Giveback machine on Hack The Box (Medium difficulty).
Started with Nmap → WordPress + vulnerable GiveWP 3.14.0 (CVE-2024-5932 / CVE-2024-8353 PHP Object Injection) → unauthenticated RCE via donation form PoC → reverse shell as bitnami in a Bitnami Kubernetes pod.
Pivoted using mounted K8s service account token → abused the API + exploited a vulnerable legacy PHP-CGI intranet service → broke out to the host as user babywyrm → grabbed user.txt.

For root: passwordless sudo on custom /opt/debug binary → used dumped secret as admin password → crafted malicious OCI config.json → ran privileged container via runc breakout → read root.txt.
Great chain: web vuln → container escape → K8s lateral → sudo abuse.
Loved the real-world Kubernetes misconfig + runc wrapper elements.

#HackTheBox #CTF #PenetrationTesting #KubernetesSecurity #ContainerEscape #RCE #PrivilegeEscalation #Cybersecurity …

Learn MoreHack The Box: GiveBack machine walkthrough – Medium Difficulity

7 Feb, 2026

Hack The Box: Signed Machine Walkthrough – Medium Difficulity

Medium Machine Challenges, HackTheBox, hashcat, kerberos, Penetration Testing, responder, SQL, Windows

After escalating to a SYSTEM-level PowerShell reverse shell using xp_cmdshell and a base64-encoded payload that called back to my netcat listener on port 9007, I navigated to the user profile and read the user flag directly with type user.txt.

With full sysadmin rights on the SQL instance as SIGNED\Administrator (thanks to a forged silver ticket with Domain Admins membership), I enabled xp_cmdshell, launched a reverse shell to land SYSTEM access, then grabbed the root flag from

Box fully pwned — domain admin and SYSTEM in the bag!

#HackTheBox #HTBSigned #PenetrationTesting #CyberSecurity #PrivilegeEscalation #ActiveDirectory #RedTeam #CTF #EthicalHacking #OffensiveSecurity …

Learn MoreHack The Box: Signed Machine Walkthrough – Medium Difficulity

24 Jan, 2026

Hack The Box: Imagery Machine Walkthrough – Medium Difficulity

Medium Machine backup recovery, BurpSuite, Challenges, Charcol, HackTheBox, hashcat, javascript, json, Linux, Local File Inclusion (LFI), Penetration Testing, python3, RCE, ssh

Just completed the Imagery machine on Hack The Box (Medium). The challenge involved identifying weaknesses in a custom web application, analysing exposed application logic and data, and chaining these issues to move laterally within the system to gain user-level access. Further investigation highlighted how overlooked privilege boundaries and misconfigured trusted utilities can be abused to escalate privileges and obtain full administrative control.

#HackTheBox #CyberSecurity #WebSecurity #EthicalHacking #PenetrationTesting #PrivilegeEscalation #CTF #InfoSec
…

Learn MoreHack The Box: Imagery Machine Walkthrough – Medium Difficulity

17 Jan, 2026

Hack The Box: HackNet Machine Walkthrough – Medium Diffucility

Medium Machine

Just wrapped up HackNet (Medium difficulty, Hack The Box) — what a ride!
Started with deep web enumeration and uncovered a template injection vulnerability in how dynamic content gets rendered. Crafted a payload, injected it into a user-controlled field, triggered the vulnerable path through a specific page interaction, and extracted sensitive account details that handed me valid SSH credentials as a low-priv user. From there, grabbing the user flag was a clean win.
For privilege escalation, enumeration from the foothold revealed a misconfigured, world-writable file-based cache backend in the Django app. Knowing the framework’s caching behavior and a known deserialization weakness, I built a malicious payload, poisoned the cache location, and triggered RCE as the web user. Further digging exposed encrypted database backups secured by public-key crypto; I obtained the key, cracked its passphrase, decrypted the dumps, and recovered a high-priv credential that let me escalate to root and snag the root flag.

#HackTheBox #Cybersecurity #WebExploitation #PrivEsc #PickleRCE #DjangoSecurity #CTF #PenetrationTesting #OffensiveSecurity #BugBounty …

Learn MoreHack The Box: HackNet Machine Walkthrough – Medium Diffucility

Threatninja.net

Threatninja.net

Category Archives: Medium Machine