• Search for:

    Tag Archives: BurpSuite

    1. Home  - 
    2. Posts tagged "BurpSuite"
      3. ( Page4 )
    5 Apr, 2025
    Hack The Box: Ghost Machine Walkthrough – Insane Difficulty
    Insane Machine , , , , , , , , , , , , , , , , , , , , , , ,

    The initial foothold was gained by exploiting command injection on intranet.ghost.htb:8008/api-dev/scan/, which provided a reverse shell inside a Docker container. From there, I enumerated the environment and discovered credentials that allowed SSH access as Florence Ramirez. By extracting and converting a Kerberos ticket, I authenticated as a legitimate user, escalating access within the system. With access to the Windows environment, I retrieved NTLM hashes for the adfs_gmsa account and leveraged evil-winrm for lateral movement. A reverse shell was established using JokerShell, and privileges were escalated by enabling xp_cmdshell through a debug interface. After uploading EfsPotato.cs and disabling antivirus, I used Mimikatz and Rubeus.exe to dump credentials, ultimately achieving SYSTEM access. This led to the extraction of domain admin credentials and the retrieval of the root flag. Another Insane box down! 💀💻

    #HackTheBox #RedTeam #CyberSecurity #PenTesting #PrivilegeEscalation #EthicalHacking …

    Learn MoreHack The Box: Ghost Machine Walkthrough – Insane Difficulty

    29 Mar, 2025
    Hack The Box: BlockBlock Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , , , ,

    This walkthrough examines the BlockBlock machine from Hack The Box, classified as a medium-difficulty challenge. The assessment began with the exploitation of an XSS vulnerability, which facilitated credential theft through the Ethereum JSON-RPC API, granting SSH access. Privilege escalation was achieved by leveraging the forge binary to obtain higher privileges, followed by exploiting a misconfigured pacman package manager to gain root access. This engagement underscores the critical importance of securing APIs, implementing robust input validation, and enforcing strict privilege escalation controls to mitigate security risks.

    #HackTheBox #CyberSecurity #PenetrationTesting #CTF #EthicalHacking #XSS #PrivilegeEscalation #BlockchainSecurity …

    Learn MoreHack The Box: BlockBlock Machine Walkthrough – Hard Difficulty

    8 Mar, 2025
    Hack The Box: Chemistry Machine Walkthrough – Easy Difficulty
    Easy Machine , , , , , , , ,

    A vulnerability in **Pymatgen (CVE-2024-23346)** allowed for **Remote Code Execution (RCE)** through a **malicious CIF file**. By injecting code into the **_space_group_magn.transform_BNS_Pp_abc** field and uploading it to the dashboard, nothing happened initially. However, clicking the **View button** triggered execution, leading to a **reverse shell**. With remote access secured, an **SQLite3 database** was explored, revealing **password hashes**, which were cracked to obtain valid credentials and retrieve the **user flag**.

    Further exploration uncovered an **aiohttp/3.9.1** service running on **port 8080**, restricting access to the **assets directory** with a **403 Forbidden** response. Leveraging an **LFI attack**, an **SSH key** was extracted, allowing for **privilege escalation** and access to the **root flag**.

    This scenario highlights the importance of **sanitizing file uploads, restricting directory access, and keeping dependencies updated** to mitigate security risks.

    #CyberSecurity #BugBounty #EthicalHacking #PrivilegeEscalation #RedTeam #WebSecurity #InfoSec #CTF …

    Learn MoreHack The Box: Chemistry Machine Walkthrough – Easy Difficulty

    22 Feb, 2025
    Hack The Box: Yummy Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , , , ,

    Introduction to Yummy: This write-up will explore the “Yummy” machine from Hack The Box, categorized as a Hard difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective: The goal of

    Continue ReadingHack The Box: Yummy Machine Walkthrough – Hard Difficulty

    8 Feb, 2025
    HackTheBox:MagicGardens Machine Walkthrough-Insane Difficulty
    Insane Machine , , , , , , , , , , , , , ,

    Introduction to MagicGardens: This write-up will explore the “MagicGardens” machine from Hack The Box, which is categorized as an insanely difficult challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective on

    Continue ReadingHackTheBox:MagicGardens Machine Walkthrough-Insane Difficulty

    1 Feb, 2025
    Hack The Box: Trickster Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , , , , , , , , , , , ,

    Introduction to Trickster: In this write-up, we will explore the “Trickster” machine from Hack The Box, categorized as a medium-difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. The objective of

    Continue ReadingHack The Box: Trickster Machine Walkthrough – Medium Difficulty

    28 Jan, 2025
    Hack The Box: Strutted Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , ,

    Introduction to Strutted: This write-up will explore the “Strutted” machine from Hack The Box, categorized as a medium-difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective: The goal of this

    Continue ReadingHack The Box: Strutted Machine Walkthrough – Medium Difficulty

    25 Jan, 2025
    Hack The Box: Caption Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , , , ,

    Introduction to Caption: This write-up will explore the “Caption” machine from Hack The Box, which is categorized as a Hard difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective: The

    Continue ReadingHack The Box: Caption Machine Walkthrough – Hard Difficulty

    18 Jan, 2025
    Hack The Box: MonitorsThree Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , , , , , ,

    Introduction to MonitorsThree: This write-up will explore the “Monitorsthree” machine from Hack The Box, categorized as an easy difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective on Monitorsthree: The

    Continue ReadingHack The Box: MonitorsThree Machine Walkthrough – Medium Difficulty

    11 Jan, 2025
    Hack The Box: Sightless Machine Walkthrough – Easy Difficulty
    Easy Machine , , , , , , , , , , , , , ,

    Introduction to Sightless: In this write-up, we will explore the “Sightless” machine from Hack the Box, categorized as an easy difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective: The

    Continue ReadingHack The Box: Sightless Machine Walkthrough – Easy Difficulty