BurpSuite

Hack The Box: Artificial Machine Walkthrough – Easy Diffucilty

by darknite
2025-10-25

Hacking the “Artificial” Machine on Hack The Box!

Conquered the “Artificial” machine on Hack The Box! 🕵️‍♂️ I scanned the target, identified a web server on port 80, and created an account to access its dashboard, where I uploaded a malicious .h5 file to trigger a reverse shell. Using a Docker environment, I gained a shell as the app user, found a SQLite database (users.db), and cracked its password hashes to reveal credentials for user “gael,” allowing me to grab the user flag via SSH from user.txt. For root, I discovered port 9898 running Backrest, forwarded it, and enumerated backup files, finding a bcrypt-hashed password in config.json. Decoding a base64 value yielded a plaintext password, granting access to the Backrest dashboard, where I exploited the RESTIC_PASSWORD_COMMAND to trigger a root shell and secure the root flag from root.txt.

#Cybersecurity #HackTheBox #CTF #PenetrationTesting #PrivilegeEscalation

Hack The Box: DarkCorp Machine Walkthrough – Insane Difficulity

by darknite
2025-10-20

Finished the Insane-level DarkCorp box on Hack The Box. Initial foothold came from registering on a webmail portal and abusing a contact form to deliver a payload that resulted in a reverse shell. From there I enumerated the app and DB, identified SQL injection and extracted hashes (cracked one to thePlague61780), recovered DPAPI master key material and additional credentials (Pack_beneath_Solid9!), and used those artifacts to escalate to root and retrieve root.txt. Valuable practice in web vectors, SQLi exploitation, credential harvesting, DPAPI analysis, and Windows privilege escalation. Happy to share high-level notes or mitigations.

#HackTheBox #Infosec #RedTeam #Pentesting #WindowsSecurity #CredentialHunting #CTF

Hack The Box: Planning Machine Walkthrouh – Easy Diffucilty

by darknite
2025-09-15

Introduction to Planning: In this write-up, we will explore the “Planning” machine from Hack The Box, categorised as an easy difficulty challenge. This walkthrough will… Read More »Hack The Box: Planning Machine Walkthrouh – Easy Diffucilty

Hack The Box: Environment Machine Walkthough-Medium Difficulty

by darknite
2025-09-06

Environment HTB: Full User & Root Flag Capture Through Exploitation

Captured both the user and root flags on the Environment HTB machine! We exploited Laravel 11.30.0 (PHP 8.2.28) vulnerabilities, including argument injection (CVE-2024-52301) and UniSharp Laravel Filemanager code injection. By bypassing authentication with `–env=preprod` and leveraging the profile upload feature, we executed a PHP reverse shell and retrieved the user flag via `cat user.txt`. For root access, we decrypted `keyvault.gpg` from the `.gnupg` directory to obtain credentials and exploited sudo with preserved BASH\_ENV by crafting a script that spawned a privileged shell, ultimately gaining full control of the system.

#CyberSecurity #HTB #PenTesting #EthicalHacking #LaravelExploits #PrivilegeEscalation #PHP #Infosec #BugBounty #RedTeam

Hack The Box: TheFrizz Machine Walkthrough – Medium Difficulity

by darknite
2025-08-23

I successfully captured both user and root flags by exploiting a file upload vulnerability to gain a web shell, extracting database credentials from config.php, and cracking the user hash to reveal the password Jenni_Luvs_Magic23. Using these credentials, I accessed the web application, discovered an SSH migration hint, and leveraged a Kerberos ticket (f.frizzle.ccache) to gain SSH access and retrieve the user flag with type user.txt. For the root flag, I escalated privileges using M.SchoolBus and SharpGPOAbuse to manipulate SleepGPO, applied changes with gpupdate.exe /force, extracted credentials with secretdump, and used wmiexec to secure a root-level shell, ultimately reading the root flag with type root.txt.

#Cybersecurity #CTF #EthicalHacking #PenetrationTesting

Hack The Box: Nocturnal Machine Walkthrough – Easy Difficulty

by darknite
2025-08-16

Captured the user flag by exploiting a file upload feature, unpacking .odt files to reveal a hidden password with xmllint, and injecting a reverse shell via the backup feature to get a www-data shell. Retrieved hashes from the nocturnal_database, cracked Tobias’s password (slowmotionapocalypse), and obtained the user flag. For the root flag, enumerated open ports, found port 8080 running ISPConfig, accessed it with admin credentials, identified the version, executed a public exploit, and gained root shell to capture the root flag.

#HTB #HackTheBox #CyberSecurity #RedTeam #CTF #PenTesting #Nocturnal #LinuxExploitation #WebExploitation #PrivilegeEscalation

Hack The Box: University Machine Walkthrough – Insane Walkthrough

by darknite
2025-08-16

Compromised university.htb by exploiting ReportLab RCE (CVE-2023-33733) to gain initial access as wao. Forged a professor certificate to impersonate george, then uploaded a malicious lecture to compromise Martin.T.

Escalated privileges by exploiting a scheduled task with a malicious .url file, used LocalPotato (CVE-2023-21746) for elevation on WS-3, and abused SeBackupPrivilege to extract NTDS.dit, ultimately retrieving Domain Admin credentials.

🔍 A great hands-on challenge combining web exploitation, privilege escalation, and Active Directory abuse.

#CyberSecurity #RedTeam #CTF #PrivilegeEscalation #HTB #InfoSec #WindowsExploitation #PenetrationTesting #EthicalHacking #HackTheBox

Hack The Box: Code Machine Walkthrough – Easy Difficulity

by darknite
2025-08-02

Successfully exploited a code execution vulnerability in a web application by bypassing keyword restrictions through Python class enumeration, leading to a reverse shell as the app-production user and retrieval of the user.txt flag. Leveraged access to a SQLite database to crack credentials for the martin user and escalate privileges. Identified a backup script running with root privileges, crafted a malicious JSON payload to include the root directory in backups, and ultimately obtained the root.txt flag.

This engagement highlights the importance of secure input validation, credential management, and careful privilege delegation in application security.

#Cybersecurity #HackTheBox #CTF #PenetrationTesting #PrivilegeEscalation #ApplicationSecurity

Hack The Box: Cypher Machine Walkthrough – Medium Difficultyy

by darknite
2025-07-30

Successfully exploited a vulnerable Neo4j database via Cypher injection to extract credentials, gain SSH access, and retrieve the user flag. Then leveraged a misconfigured `bbot` binary with sudo rights to set the SUID bit on `/bin/bash`, escalating privileges to root and capturing the root flag. #Cybersecurity #Neo4j #CypherInjection #PrivilegeEscalation #Pentesting #EthicalHacking #InfoSec

Hack The Box: Dog Machine Walkthrough (Easy Difficulty)

by darknite
2025-07-12

Exploited exposed credentials in a .git repository to access Backdrop CMS, then used a remote command execution vulnerability (EDB-ID: 52021) for a reverse shell. Escalated to root by leveraging a misconfigured bee binary with sudo privileges, capturing both user and root flags.

#Cybersecurity #HackTheBox #PenetrationTesting #CTF #WebExploitation #PrivilegeEscalation #EthicalHacking #InfoSec #CyberSec #Hacking