• Search for:

    Tag Archives: ghidra

    1. Home  - 
    2. Posts tagged "ghidra"
    28 Feb, 2026
    Hack The Box: Guardian Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , , , ,

    🔐 User Flag — Compromising the Application Layer

    Successfully rooted the Guardian (Hard) machine on Hack The Box by chaining multiple real-world web vulnerabilities.Initial access was achieved through credential abuse and IDOR within the student portal. Leaked chat credentials exposed internal Gitea repositories containing hardcoded database secrets. A vulnerable XLSX file upload feature allowed formula injection → XSS → session hijacking. Leveraging CSRF, I created a rogue admin account and escalated privileges within the application. From there, an LFI vulnerability combined with a PHP filter chain led to Remote Code Execution. After gaining a shell as www-data, I reused leaked credentials to pivot laterally to user jamil, capturing the user flag.

    👑 Root Flag — From Code Injection to Full System Compromise

    Privilege escalation started with sudo -l, revealing that jamil could execute a Python utility as user mark without a password. Since one of the Python files was writable, I injected code to spawn a shell as mark. Further enumeration uncovered a custom binary (safeapache2ctl) executable as root. A flawed validation mechanism in its Apache config parsing allowed path traversal and arbitrary file inclusion. By crafting a malicious shared object (evil.so) and abusing the wrapper’s improper include validation, I achieved root-level code execution and obtained a root shell. …

    Learn MoreHack The Box: Guardian Machine Walkthrough – Hard Difficulty

    13 Dec, 2025
    Hack The Box: WhiteRabbit Machine Walkthough – Insane Difficulity
    Insane Machine , , , , , , , , , , , , , , , , ,

    Initial access was achieved through exposed monitoring and documentation services, which leaked internal service names and an unauthenticated workflow configuration. This disclosure revealed sensitive secrets, a vulnerable webhook parameter, and ultimately credentials for a backup system. Abuse of misconfigured backup tooling and sudo privileges allowed extraction of private SSH keys, enabling lateral movement across multiple user accounts and retrieval of the user flag.

    Privilege escalation to root involved reverse-engineering a custom SUID binary. Analysis exposed a predictable pseudorandom password generator caused by unsafe seeding logic and an integer overflow, significantly reducing entropy. Recreating the binary locally and brute-forcing the constrained seed space yielded valid credentials, granting SSH access to a privileged user with unrestricted sudo rights and full system compromise.

    This machine was a strong example of how exposed internal tooling, poor secret handling, and flawed custom binaries can combine into a complete attack chain.

    #HackTheBox #CyberSecurity #OffensiveSecurity #PenetrationTesting #RedTeam #PrivilegeEscalation #ReverseEngineering #LinuxSecurity #Infosec #CTF …

    Learn MoreHack The Box: WhiteRabbit Machine Walkthough – Insane Difficulity

    18 May, 2024
    Hack The Box: Ouija Machine Walkthrough – Insane Difficulty
    Insane Machine , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Ouija Machine from Hack the Box This room will be considered an Insane machine on Hack the Box What will you gain from the Ouija machine? For the user flag, you must abuse

    Continue ReadingHack The Box: Ouija Machine Walkthrough – Insane Difficulty

    17 Feb, 2024
    Hack The Box: Drive Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Drive Machine from Hack the Box This room will be considered a Hard machine on Hack the Box What will you gain from the Drive machine? For the user flag, you will need

    Continue ReadingHack The Box: Drive Machine Walkthrough – Hard Difficulty

    9 Aug, 2022
    Hack The Box: Overgraph Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Overgraph Machine from Hack the Box This room will be considered a Hard machine on Hack The Box What will you gain from the Overgraph machine? For the user flag,

    Continue ReadingHack The Box: Overgraph Machine Walkthrough – Hard Difficulty

    25 Jun, 2022
    HackTheBox: Retired Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Retired Machine from Hack the Box This room will be considered a medium machine on Hack The box What will you gain from the Retired machine? For the user flag, you

    Continue ReadingHackTheBox: Retired Machine Walkthrough – Medium Difficulty

    16 Apr, 2022
    Hack The Box: Overflow Machine Writeup – Hard Difficulty
    Hard Machine , , , , , , , , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Overflow Machine from Hack the Box This room will be considered as a Hard machine on Hack The box What will you gain from the Overflow machine? For the user flag, you

    Continue ReadingHack The Box: Overflow Machine Writeup – Hard Difficulty

    27 Feb, 2022
    Hack The Box: Undetected Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Undetected Machine from Hack the Box This room will be considered as a medium machine on Hack The Box What will you gain from the Undetected machine? For the user flag, you

    Continue ReadingHack The Box: Undetected Machine Walkthrough – Medium Difficulty