• Search for:

    Tag Archives: git-dumper

    1. Home  - 
    2. Posts tagged "git-dumper"
    14 Mar, 2026
    Hack The Box: Gavel Machine Walkthrough – Medium Difficulity
    Medium Machine , , , , , , , , , , , ,

    Completed the Gavel (Medium) machine on Hack The Box. The initial foothold came from an exposed .git directory that leaked the application’s source code and bcrypt password hashes. After cracking the credentials with John the Ripper, I gained access and achieved a reverse shell through command injection in the admin rule field. Reusing the cracked credentials allowed privilege escalation to the application user and retrieval of the user flag.

    Root access was obtained by abusing the gavel-util submission feature, which executed YAML rule fields using PHP system(). By overwriting the custom php.ini to remove restrictions and creating a SUID Bash binary, it was possible to spawn a root shell and capture the final flag.

    #HackTheBox #HTB #CyberSecurity #EthicalHacking #PenetrationTesting #RedTeam #LinuxSecurity #WebSecurity #PrivilegeEscalation #CTF …

    Learn MoreHack The Box: Gavel Machine Walkthrough – Medium Difficulity

    12 Jul, 2025
    Hack The Box: Dog Machine Walkthrough (Easy Difficulty)
    Easy Machine , , , , , , , , , , , ,

    Exploited exposed credentials in a .git repository to access Backdrop CMS, then used a remote command execution vulnerability (EDB-ID: 52021) for a reverse shell. Escalated to root by leveraging a misconfigured bee binary with sudo privileges, capturing both user and root flags.

    #Cybersecurity #HackTheBox #PenetrationTesting #CTF #WebExploitation #PrivilegeEscalation #EthicalHacking #InfoSec #CyberSec #Hacking …

    Learn MoreHack The Box: Dog Machine Walkthrough (Easy Difficulty)

    5 Jul, 2025
    Hack The Box: Cat Machine Walkthrough – Medium Diffculity
    Medium Machine , , , , , , , , , , , , , , , ,

    Hack The Box Success: Cat Machine Write-Up Published!

    I’ve just published my personal write-up for the Cat machine on Hack The Box. In this challenge, I gained the user flag by exploiting a Stored XSS vulnerability to capture the admin session cookie, followed by an SQL Injection to extract credentials and gain SSH access. For the root flag, I took advantage of a vulnerable image processing script owned by root, crafting a payload to gain a root shell and retrieve the flag. The full write-up dives into each step, the logic behind the attacks, and key takeaways.

    #CyberSecurity #HackTheBox #PenetrationTesting #EthicalHacking #CTF #WriteUp #XSS #SQLi #PrivilegeEscalation #InfoSec #CTFWriteup …

    Learn MoreHack The Box: Cat Machine Walkthrough – Medium Diffculity

    1 Feb, 2025
    Hack The Box: Trickster Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , , , , , , , , , , , ,

    Introduction to Trickster: In this write-up, we will explore the “Trickster” machine from Hack The Box, categorized as a medium-difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. The objective of

    Continue ReadingHack The Box: Trickster Machine Walkthrough – Medium Difficulty

    25 Nov, 2023
    Hack The Box: Pilgrimage Machine Walkthrough – Easy Difficulty
    Easy Machine , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Pilgrimage Machine from Hack the Box This room will be considered an Easy machine on Hack the Box What will you gain from the Pilgrimage machine? For the user

    Continue ReadingHack The Box: Pilgrimage Machine Walkthrough – Easy Difficulty

    15 Apr, 2023
    Hack The Box: Encoding Machine – Medium Difficulty
    Medium Machine , , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Encoding Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the Encoding machine? For the user

    Continue ReadingHack The Box: Encoding Machine – Medium Difficulty

    12 Sep, 2022
    Hack The Box: UpDown Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the UpDown Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the UpDown machine? For the user flag,

    Continue ReadingHack The Box: UpDown Machine Walkthrough – Medium Difficulty

    10 Sep, 2022
    Hack the box: Vessel Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Vessel Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the Vessel machine? For the user flag,

    Continue ReadingHack the box: Vessel Machine Walkthrough – Hard Difficulty

    22 Oct, 2021
    HackTheBox: Devzat Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Devzat Machine from HackTheBox This room has been considered difficulty rated as a medium machine on HackThebox What you will gain from Devzat machine? For the user flag, you will execute the

    Continue ReadingHackTheBox: Devzat Machine Walkthrough – Medium Difficulty

    1 Jun, 2021
    HackTheBox: Cereal Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , , , , , , , , ,

    In this post, i would like to share a walkthrough of the Cereal Machine. This room has been considered difficulty rated as a Hard machine Information Gathering on Cereal machine Once we have started the VPN connection, we can start the information gathering on

    Continue ReadingHackTheBox: Cereal Machine Walkthrough – Hard Difficulty