• Search for:

    Tag Archives: command injection

    1. Home  - 
    2. Posts tagged "command injection"
    12 Jul, 2025
    Hack The Box: Dog Machine Walkthrough (Easy Difficulty)
    Easy Machine , , , , , , , , , , , ,

    Exploited exposed credentials in a .git repository to access Backdrop CMS, then used a remote command execution vulnerability (EDB-ID: 52021) for a reverse shell. Escalated to root by leveraging a misconfigured bee binary with sudo privileges, capturing both user and root flags.

    #Cybersecurity #HackTheBox #PenetrationTesting #CTF #WebExploitation #PrivilegeEscalation #EthicalHacking #InfoSec #CyberSec #Hacking …

    Learn MoreHack The Box: Dog Machine Walkthrough (Easy Difficulty)

    5 Jul, 2025
    Hack The Box: Cat Machine Walkthrough – Medium Diffculity
    Medium Machine , , , , , , , , , , , , , , , ,

    Hack The Box Success: Cat Machine Write-Up Published!

    I’ve just published my personal write-up for the Cat machine on Hack The Box. In this challenge, I gained the user flag by exploiting a Stored XSS vulnerability to capture the admin session cookie, followed by an SQL Injection to extract credentials and gain SSH access. For the root flag, I took advantage of a vulnerable image processing script owned by root, crafting a payload to gain a root shell and retrieve the flag. The full write-up dives into each step, the logic behind the attacks, and key takeaways.

    #CyberSecurity #HackTheBox #PenetrationTesting #EthicalHacking #CTF #WriteUp #XSS #SQLi #PrivilegeEscalation #InfoSec #CTFWriteup …

    Learn MoreHack The Box: Cat Machine Walkthrough – Medium Diffculity

    5 Apr, 2025
    Hack The Box: Ghost Machine Walkthrough – Insane Difficulty
    Insane Machine , , , , , , , , , , , , , , , , , , , , , , ,

    The initial foothold was gained by exploiting command injection on intranet.ghost.htb:8008/api-dev/scan/, which provided a reverse shell inside a Docker container. From there, I enumerated the environment and discovered credentials that allowed SSH access as Florence Ramirez. By extracting and converting a Kerberos ticket, I authenticated as a legitimate user, escalating access within the system. With access to the Windows environment, I retrieved NTLM hashes for the adfs_gmsa account and leveraged evil-winrm for lateral movement. A reverse shell was established using JokerShell, and privileges were escalated by enabling xp_cmdshell through a debug interface. After uploading EfsPotato.cs and disabling antivirus, I used Mimikatz and Rubeus.exe to dump credentials, ultimately achieving SYSTEM access. This led to the extraction of domain admin credentials and the retrieval of the root flag. Another Insane box down! 💀💻

    #HackTheBox #RedTeam #CyberSecurity #PenTesting #PrivilegeEscalation #EthicalHacking …

    Learn MoreHack The Box: Ghost Machine Walkthrough – Insane Difficulty

    28 Jan, 2025
    Hack The Box: Strutted Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , ,

    Introduction to Strutted: This write-up will explore the “Strutted” machine from Hack The Box, categorized as a medium-difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective: The goal of this

    Continue ReadingHack The Box: Strutted Machine Walkthrough – Medium Difficulty

    23 Nov, 2024
    Hack The Box: Resource Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , ,

    Introduction to Resource: In this write-up, we will explore the “Resource” machine from Hack The Box, which is categorized as a Hard difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag.

    Continue ReadingHack The Box: Resource Machine Walkthrough – Hard Difficulty

    2 Nov, 2024
    Hack The Box: Permx Machine Walkthrough – Easy Difficulty
    Easy Machine , , , , , , , , , , ,

    Introduction to Permx: In this write-up, we will explore the “Permx” machine from Hack The Box, categorized as an easy difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective: The

    Continue ReadingHack The Box: Permx Machine Walkthrough – Easy Difficulty

    21 Sep, 2024
    Hack The Box: SolarLab Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , ,

    Introduction to Solarlab: This write-up will explore the “Solarlab” machine from Hack The Box, categorized as an Medium difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective: The goal of

    Continue ReadingHack The Box: SolarLab Machine Walkthrough – Medium Difficulty

    10 Aug, 2024
    Hack The Box: Usage Machine Walkthrough – Easy Difficulty
    Easy Machine , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Usage Machine from Hack the Box This room will be considered an Easy machine on Hack the Box What will you gain from the Usage machine? For the user flag, you need to abuse blind

    Continue ReadingHack The Box: Usage Machine Walkthrough – Easy Difficulty

    3 Aug, 2024
    Hack The Box: Iclean Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Iclean Machine from Hack the Box This room will be considered a Medium machine on Hack the Box What will you gain from the Iclean machine? For the user flag, you need to

    Continue ReadingHack The Box: Iclean Machine Walkthrough – Medium Difficulty