HackTheBox Archives - Page 4 of 28

23 Aug, 2025

Hack The Box: TheFrizz Machine Walkthrough – Medium Difficulity

Medium Machine BloodHoundCE, BurpSuite, Challenges, CVE-2023-34598, faketime, Gibbon, HackTheBox, hashcat, impacket, Local Fle Inclusion, Penetration Testing, python3, SharpGPOAbuse, sqlite3, ssh, Windows

I successfully captured both user and root flags by exploiting a file upload vulnerability to gain a web shell, extracting database credentials from config.php, and cracking the user hash to reveal the password Jenni_Luvs_Magic23. Using these credentials, I accessed the web application, discovered an SSH migration hint, and leveraged a Kerberos ticket (f.frizzle.ccache) to gain SSH access and retrieve the user flag with type user.txt. For the root flag, I escalated privileges using M.SchoolBus and SharpGPOAbuse to manipulate SleepGPO, applied changes with gpupdate.exe /force, extracted credentials with secretdump, and used wmiexec to secure a root-level shell, ultimately reading the root flag with type root.txt.

#Cybersecurity #CTF #EthicalHacking #PenetrationTesting …

Learn MoreHack The Box: TheFrizz Machine Walkthrough – Medium Difficulity

16 Aug, 2025

Hack The Box: Nocturnal Machine Walkthrough – Easy Difficulty

Easy Machine BurpSuite, Challenges, CVE-2023-46818, HackTheBox, hashcat, ispconfig, Linux, port forwarding, python3, sqlite3, ssh, xmllint

Captured the user flag by exploiting a file upload feature, unpacking .odt files to reveal a hidden password with xmllint, and injecting a reverse shell via the backup feature to get a www-data shell. Retrieved hashes from the nocturnal_database, cracked Tobias’s password (slowmotionapocalypse), and obtained the user flag. For the root flag, enumerated open ports, found port 8080 running ISPConfig, accessed it with admin credentials, identified the version, executed a public exploit, and gained root shell to capture the root flag.

#HTB #HackTheBox #CyberSecurity #RedTeam #CTF #PenTesting #Nocturnal #LinuxExploitation #WebExploitation #PrivilegeEscalation …

Learn MoreHack The Box: Nocturnal Machine Walkthrough – Easy Difficulty

9 Aug, 2025

Hack The Box: University Machine Walkthrough – Insane Walkthrough

Insane Machine Bloodhound, BurpSuite, Challenges, CVE-2023-33733, evil-winrm, HackTheBox, LocalPotato, Penetration Testing, python3, ssh, SSH key, Windows

Compromised university.htb by exploiting ReportLab RCE (CVE-2023-33733) to gain initial access as wao. Forged a professor certificate to impersonate george, then uploaded a malicious lecture to compromise Martin.T.

Escalated privileges by exploiting a scheduled task with a malicious .url file, used LocalPotato (CVE-2023-21746) for elevation on WS-3, and abused SeBackupPrivilege to extract NTDS.dit, ultimately retrieving Domain Admin credentials.

🔍 A great hands-on challenge combining web exploitation, privilege escalation, and Active Directory abuse.

#CyberSecurity #RedTeam #CTF #PrivilegeEscalation #HTB #InfoSec #WindowsExploitation #PenetrationTesting #EthicalHacking #HackTheBox …

Learn MoreHack The Box: University Machine Walkthrough – Insane Walkthrough

2 Aug, 2025

Hack The Box: Code Machine Walkthrough – Easy Difficulity

Easy Machine BurpSuite, Challenges, HackTheBox, hashtag, json, Linux, Penetration Testing, python3, sqliite3, ssh

Successfully exploited a code execution vulnerability in a web application by bypassing keyword restrictions through Python class enumeration, leading to a reverse shell as the app-production user and retrieval of the user.txt flag. Leveraged access to a SQLite database to crack credentials for the martin user and escalate privileges. Identified a backup script running with root privileges, crafted a malicious JSON payload to include the root directory in backups, and ultimately obtained the root.txt flag.

This engagement highlights the importance of secure input validation, credential management, and careful privilege delegation in application security.

#Cybersecurity #HackTheBox #CTF #PenetrationTesting #PrivilegeEscalation #ApplicationSecurity …

Learn MoreHack The Box: Code Machine Walkthrough – Easy Difficulity

26 Jul, 2025

Hack The Box: Cypher Machine Walkthrough – Medium Difficultyy

Medium Machine bbot, BurpSuite, Challenges, Cypher Injection, gobuster, HackTheBox, jadx-gui, jar, Linux, neo4j, Penetration Testing, python3

19 Jul, 2025

Hack The Box: Scepter Machine Walkthrough – Hard Difficulty

Hard Machine ADCS, Bloodhound, bloodyAD, Certipy, Challenges, ESC14, ESC9, evil-winrm, HackTheBox, hashcat, ldapsearch, nfs, openssl, Penetration Testing, showmount, Windows

I conquered the “Scepter” machine on Hack The Box, a challenging Active Directory exploit! Initially, I cracked weak .pfx certificate passwords using pfx2john and rockyou.txt. After syncing time, I extracted D.BAKER’s NTLM hash via Certipy and used BloodHound to reveal A.CARTER’s password reset privileges, exploiting ESC9 to capture the user flag. Subsequently, H.BROWN’s access to P.ADAMS’s altSecurityIdentities enabled an ESC14 attack, forging a certificate for passwordless authentication. Consequently, P.ADAMS’s DCSync rights allowed domain hash extraction, securing the root flag via Evil-WinRM.

#Cybersecurity #HackTheBox #ActiveDirectory #PrivilegeEscalation #CTF #EthicalHacking …

Learn MoreHack The Box: Scepter Machine Walkthrough – Hard Difficulty

12 Jul, 2025

Hack The Box: Dog Machine Walkthrough (Easy Difficulty)

Easy Machine Backdrop, bee, BurpSuite, Challenges, command injection, CVE-2024-41709, git-dumper, HackTheBox, Linux, Penetration Testing, PHP, pwncat-cs, reverse shell

5 Jul, 2025

Hack The Box: Cat Machine Walkthrough – Medium Diffculity

Medium Machine BurpSuite, Challenges, command injection, Cross Site Scripting, git-dumper, Gitea, gobuster, HackTheBox, hashcat, Linux, Penetration Testing, port forwarding, source code review, SQL, SQL Injection, sqlite3, ssh

Hack The Box Success: Cat Machine Write-Up Published!

I’ve just published my personal write-up for the Cat machine on Hack The Box. In this challenge, I gained the user flag by exploiting a Stored XSS vulnerability to capture the admin session cookie, followed by an SQL Injection to extract credentials and gain SSH access. For the root flag, I took advantage of a vulnerable image processing script owned by root, crafting a payload to gain a root shell and retrieve the flag. The full write-up dives into each step, the logic behind the attacks, and key takeaways.

#CyberSecurity #HackTheBox #PenetrationTesting #EthicalHacking #CTF #WriteUp #XSS #SQLi #PrivilegeEscalation #InfoSec #CTFWriteup …

Learn MoreHack The Box: Cat Machine Walkthrough – Medium Diffculity

28 Jun, 2025

Hack The Box: Haze Machine Walkthrough – Hard Difficulty

Hard Machine Active Directory, Bloodhound, bloodyAD, Certipy, Challenges, CVE-2024-36991, evil-winrm, HackTheBox, Linux, Local File Inclusion (LFI), NetExec, Penetration Testing, pywhisker, Splunk, splunksecrets, SweetPotato

New Write-Up Published: Haze [Medium | Windows | Active Directory] – Hack The Box

Just released a walkthrough for Haze, a medium-difficulty Windows machine on Hack The Box. Initial access was obtained by exploiting CVE-2024-36991, a local file inclusion vulnerability in Splunk, to extract LDAP credentials. This enabled a Shadow Credentials attack using PyWhisker and Certipy, allowing lateral movement to a high-privileged domain user. For privilege escalation, I utilized Splunk admin access to deploy a reverse shell via a crafted app package. Upon gaining shell access, I escalated privileges to NT SYSTEM by abusing SeImpersonatePrivilege with SweetPotato. This box offers great insight into chained Active Directory abuse and Splunk misconfigurations.

#HackTheBox #RedTeam #ActiveDirectory #Splunk #CVE202436991 #ShadowCredentials #PrivilegeEscalation #SweetPotato #CTF #InfoSec #WriteUp #CyberSecurity …

Learn MoreHack The Box: Haze Machine Walkthrough – Hard Difficulty

21 Jun, 2025

Hack The Box: Titanic Machine Walkthrough – Easy Difficulty

Easy Machine BurpSuite, Challenges, CVE-2024-41817, directory traversal, HackTheBox, ImageMagick, Linux, Penetration Testing, python3, ssh

Just wrapped up a detailed walkthrough of the Hack The Box Titanic machine — an easy-rated challenge packed with valuable learning opportunities!

The journey started with exploiting a directory traversal vulnerability to access sensitive Gitea configuration files and extract user credentials. From there, I gained SSH access as the developer user and retrieved the user flag.

Privilege escalation was achieved by exploiting a critical ImageMagick vulnerability (CVE-2024-41817) in a writable directory, allowing arbitrary code execution via a crafted shared library. I also discovered the developer user had unrestricted sudo privileges, providing a straightforward path to root.

#HackTheBox #CyberSecurity #Pentesting #CTF #PrivilegeEscalation #LinuxSecurity #ImageMagick #CVE202441817 #EthicalHacking #DirectoryTraversal

…

Learn MoreHack The Box: Titanic Machine Walkthrough – Easy Difficulty

Threatninja.net

Threatninja.net

Hack The Box: TheFrizz Machine Walkthrough – Medium Difficulity

Hack The Box: Nocturnal Machine Walkthrough – Easy Difficulty

Hack The Box: University Machine Walkthrough – Insane Walkthrough

Hack The Box: Code Machine Walkthrough – Easy Difficulity

Hack The Box: Cypher Machine Walkthrough – Medium Difficultyy

Hack The Box: Scepter Machine Walkthrough – Hard Difficulty

Hack The Box: Dog Machine Walkthrough (Easy Difficulty)

Hack The Box: Cat Machine Walkthrough – Medium Diffculity

Hack The Box: Haze Machine Walkthrough – Hard Difficulty

Hack The Box: Titanic Machine Walkthrough – Easy Difficulty

Threatninja.net

Threatninja.net

Category Archives: HackTheBox