• Search for:

    Tag Archives: BurpSuite

    1. Home  - 
    2. Posts tagged "BurpSuite"
    23 May, 2026
    Hack The Box: MonitorsFour Machine Walkthrough – Easy Diffucilty
    Easy Machine , , , , , , , , , , ,

    Wrapped up another solid box with a clean chain from web exploitation to full host compromise.

    Gained initial access through an IDOR vulnerability on the /user endpoint, which exposed an admin hash that cracked to wonderful1. This provided access to the Cacti dashboard as marcus. From there, exploiting CVE-2025-24367 led to a reverse shell inside a Docker container as www-data, where the user flag was retrieved.

    Privilege escalation came from spotting an exposed Docker API. By deploying a privileged container and mounting the host filesystem, it was possible to break out of the container and access the Windows host, ultimately retrieving the root flag.

    Nice reminder of how small web flaws can cascade into full infrastructure compromise when combined with misconfigurations like exposed Docker daemons.

    #cybersecurity #penetrationtesting #redteam #docker #privilegeescalation #websecurity #ethicalhacking #infosec …

    Learn MoreHack The Box: MonitorsFour Machine Walkthrough – Easy Diffucilty

    16 May, 2026
    Hack The Box: Pterodactyl Machine Walkthrough – Medium Difficulity
    Medium Machine , , , , , , , , , , , ,

    Completed the Pterodactyl machine on Hack The Box, focusing on end-to-end exploitation.

    The attack started with a path traversal vulnerability (CVE-2025-49132) in the Pterodactyl Panel, leading to unauthenticated RCE. This access allowed database extraction, credential recovery, and SSH access as a low-privileged user.

    Privilege escalation was achieved through PAM environment variable poisoning (CVE-2025-6018), followed by a more stable root shell using a libblockdev/udisks race condition (CVE-2025-6019).

    A solid exercise in chaining web exploitation with local privilege escalation techniques.

    #HackTheBox #CyberSecurity #EthicalHacking #PenetrationTesting #RedTeam #CTF #Linux #PrivilegeEscalation #WebSecurity …

    Learn MoreHack The Box: Pterodactyl Machine Walkthrough – Medium Difficulity

    25 Apr, 2026
    Hack The Box: Sorcery Machine Walkthrough – Insane Difficulty
    Insane Machine , , , , , , , , , , , , , ,

    Recently, I completed the “Sorcery” machine on Hack The Box (Insane difficulty), which provided a deep, multi-layered challenge combining modern web exploitation, internal pivoting, and complex privilege escalation.

    The attack began with reconnaissance of a self-hosted Gitea instance, where exposed source code revealed the application architecture. This led to identifying a Cypher injection vulnerability in functionality backed by Neo4j, which enabled SSRF to leak sensitive data such as password hashes and a registration key. After gaining seller access, a stored XSS payload was used to hijack an admin session and access a restricted debug feature. This interface allowed interaction with internal services, ultimately achieving remote code execution via a Kafka-based payload. From there, pivoting with Ligolo-ng exposed internal services, including an FTP server containing an encrypted private key, which was cracked offline to gain SSH access and retrieve the user flag.

    Privilege escalation required chaining multiple subtle misconfigurations. A running Xvfb instance exposed a screen dump containing credentials for a higher-privileged user. With limited sudo access, strace was used to capture plaintext credentials from running processes. Further enumeration revealed activity tied to FreeIPA, where identity management controls were abused to gain full sudo privileges. After applying the changes, this ultimately led to root access and full system compromise.

    #HackTheBox #CyberSecurity #PenetrationTesting #RedTeam #EthicalHacking #CTF #Infosec #PrivilegeEscalation #WebSecurity …

    Learn MoreHack The Box: Sorcery Machine Walkthrough – Insane Difficulty

    18 Apr, 2026
    Hack The Box: Airtouch Mahcine Walkthrough – Medium Diffiiculty
    Medium Machine , , , , , , , , ,

    Recently, I completed the “Airtouch” machine on Hack The Box (Medium difficulty), which provided a great hands-on experience in combining system exploitation with wireless attack techniques.

    The challenge started with basic reconnaissance and service enumeration, leading to initial access via SSH as a low-privileged user. From there, misconfigured sudo permissions allowed quick privilege escalation on the host. What made this machine particularly interesting was its setup as a wireless attack platform, requiring interaction with a simulated corporate Wi-Fi environment.

    By cracking a WPA2-PSK handshake and connecting to the internal network, I was able to pivot further, access an internal access point, and exploit an unrestricted file upload vulnerability to gain remote shell access. Additional enumeration revealed credentials that enabled lateral movement to a management server, ultimately leading to full root compromise.

    Overall, this machine was a great reminder of how misconfigurations, weak credentials, and insecure file handling can chain together into a full system compromise—especially in complex environments involving internal networks and wireless infrastructure.

    #HackTheBox #CyberSecurity #PenetrationTesting #RedTeam #EthicalHacking #CTF #Infosec #PrivilegeEscalation #NetworkSecurity …

    Learn MoreHack The Box: Airtouch Mahcine Walkthrough – Medium Diffiiculty

    14 Mar, 2026
    Hack The Box: Gavel Machine Walkthrough – Medium Difficulity
    Medium Machine , , , , , , , , , , , ,

    Completed the Gavel (Medium) machine on Hack The Box. The initial foothold came from an exposed .git directory that leaked the application’s source code and bcrypt password hashes. After cracking the credentials with John the Ripper, I gained access and achieved a reverse shell through command injection in the admin rule field. Reusing the cracked credentials allowed privilege escalation to the application user and retrieval of the user flag.

    Root access was obtained by abusing the gavel-util submission feature, which executed YAML rule fields using PHP system(). By overwriting the custom php.ini to remove restrictions and creating a SUID Bash binary, it was possible to spawn a root shell and capture the final flag.

    #HackTheBox #HTB #CyberSecurity #EthicalHacking #PenetrationTesting #RedTeam #LinuxSecurity #WebSecurity #PrivilegeEscalation #CTF …

    Learn MoreHack The Box: Gavel Machine Walkthrough – Medium Difficulity

    14 Feb, 2026
    Hack The Box: Soulmate machine walkthrough – Easy Difficulitty
    Easy Machine , , , , , , , , ,

    Just completed the Soulmate machine on Hack The Box — rated Easy, but packed with a satisfying vuln chain!
    Started with subdomain enumeration → discovered an exposed CrushFTP admin panel on ftp.soulmate.htb. Exploited an unauthenticated API flaw (CVE-2025-31161 style) in the /WebInterface/function/ endpoint to enumerate users and create a backdoor admin account. From there, abused broken access controls in User Manager to reset the “ben” account password. Logged in as “ben” → gained VFS access to /webProd (the main web root), uploaded a PHP webshell → got RCE as www-data with a reverse shell.
    Credential reuse let me su ben and grab user.txt

    Root came via a backdoored Erlang SSH daemon on localhost:2222 (hardcoded always-true auth, running as root) → trivial escalation to root Eshell and root.txt

    Key takeaways: exposed admin panels are goldmines, weak API auth leads to quick takeovers, credential reuse is still everywhere, and custom services with backdoors can hand you root on a platter.
    Loved the progression from web misconfig → file write → RCE → local privesc. Solid learning box!

    #HackTheBox #HTB #CyberSecurity #PenetrationTesting #CTF #PrivilegeEscalation #RCE #BugBounty #RedTeam …

    Learn MoreHack The Box: Soulmate machine walkthrough – Easy Difficulitty

    24 Jan, 2026
    Hack The Box: Imagery Machine Walkthrough – Medium Difficulity
    Medium Machine , , , , , , , , , , , , ,

    Just completed the Imagery machine on Hack The Box (Medium). The challenge involved identifying weaknesses in a custom web application, analysing exposed application logic and data, and chaining these issues to move laterally within the system to gain user-level access. Further investigation highlighted how overlooked privilege boundaries and misconfigured trusted utilities can be abused to escalate privileges and obtain full administrative control.

    #HackTheBox #CyberSecurity #WebSecurity #EthicalHacking #PenetrationTesting #PrivilegeEscalation #CTF #InfoSec

    Learn MoreHack The Box: Imagery Machine Walkthrough – Medium Difficulity

    10 Jan, 2026
    Hack The Box: Previous Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , ,

    🎯 Just rooted the ‘Previous’ machine on Hack The Box!

    Started with a Next.js app exposing a path traversal bug in /api/download, leaked /etc/passwd → found user ‘jeremy’, then extracted the NextAuth provider code revealing credentials.

    Abused .terraformrc dev_overrides to load a malicious custom provider binary.
    Classic NextAuth misconfig + Terraform provider override chain. Loved the creativity!

    #HackTheBox #CTF #PrivilegeEscalation #PathTraversal #NextJS #Terraform #CyberSecurity #PenetrationTesting #BugBounty”

    Learn MoreHack The Box: Previous Machine Walkthrough – Medium Difficulty

    13 Dec, 2025
    Hack The Box: WhiteRabbit Machine Walkthough – Insane Difficulity
    Insane Machine , , , , , , , , , , , , , , , , ,

    Initial access was achieved through exposed monitoring and documentation services, which leaked internal service names and an unauthenticated workflow configuration. This disclosure revealed sensitive secrets, a vulnerable webhook parameter, and ultimately credentials for a backup system. Abuse of misconfigured backup tooling and sudo privileges allowed extraction of private SSH keys, enabling lateral movement across multiple user accounts and retrieval of the user flag.

    Privilege escalation to root involved reverse-engineering a custom SUID binary. Analysis exposed a predictable pseudorandom password generator caused by unsafe seeding logic and an integer overflow, significantly reducing entropy. Recreating the binary locally and brute-forcing the constrained seed space yielded valid credentials, granting SSH access to a privileged user with unrestricted sudo rights and full system compromise.

    This machine was a strong example of how exposed internal tooling, poor secret handling, and flawed custom binaries can combine into a complete attack chain.

    #HackTheBox #CyberSecurity #OffensiveSecurity #PenetrationTesting #RedTeam #PrivilegeEscalation #ReverseEngineering #LinuxSecurity #Infosec #CTF …

    Learn MoreHack The Box: WhiteRabbit Machine Walkthough – Insane Difficulity

    30 Nov, 2025
    Hack The Box: Era Machine Walkthrough – Medium Difficulity
    Medium Machine , , , , , , , , ,

    Compromising the Era HTB machine involved chaining multiple weaknesses across the web layer and system layer. Initial access was obtained through an IDOR flaw in a file-sharing platform, allowing unrestricted file retrieval by enumerating numeric IDs. Leaked backups exposed source code, plaintext credentials, and an SSH private key, enabling lateral movement as eric. Further analysis uncovered a root-executed integrity-check binary in a world-writable directory. By extracting its signature, injecting it into a backdoored replacement, and waiting for the cron job to trigger, privileged execution was achieved. A resulting callback delivered full root access and allowed retrieval of the final flag.

    #HTB #HackTheBox #CyberSecurity #Pentesting #WebSecurity #IDOR #PrivilegeEscalation #LinuxSecurity #RedTeam #CTF #InfoSec …

    Learn MoreHack The Box: Era Machine Walkthrough – Medium Difficulity