• Search for:

    Tag Archives: gobuster

    1. Home  - 
    2. Posts tagged "gobuster"
    14 Mar, 2026
    Hack The Box: Gavel Machine Walkthrough – Medium Difficulity
    Medium Machine , , , , , , , , , , , ,

    Completed the Gavel (Medium) machine on Hack The Box. The initial foothold came from an exposed .git directory that leaked the application’s source code and bcrypt password hashes. After cracking the credentials with John the Ripper, I gained access and achieved a reverse shell through command injection in the admin rule field. Reusing the cracked credentials allowed privilege escalation to the application user and retrieval of the user flag.

    Root access was obtained by abusing the gavel-util submission feature, which executed YAML rule fields using PHP system(). By overwriting the custom php.ini to remove restrictions and creating a SUID Bash binary, it was possible to spawn a root shell and capture the final flag.

    #HackTheBox #HTB #CyberSecurity #EthicalHacking #PenetrationTesting #RedTeam #LinuxSecurity #WebSecurity #PrivilegeEscalation #CTF …

    Learn MoreHack The Box: Gavel Machine Walkthrough – Medium Difficulity

    14 Feb, 2026
    Hack The Box: Soulmate machine walkthrough – Easy Difficulitty
    Easy Machine , , , , , , , , ,

    Just completed the Soulmate machine on Hack The Box — rated Easy, but packed with a satisfying vuln chain!
    Started with subdomain enumeration → discovered an exposed CrushFTP admin panel on ftp.soulmate.htb. Exploited an unauthenticated API flaw (CVE-2025-31161 style) in the /WebInterface/function/ endpoint to enumerate users and create a backdoor admin account. From there, abused broken access controls in User Manager to reset the “ben” account password. Logged in as “ben” → gained VFS access to /webProd (the main web root), uploaded a PHP webshell → got RCE as www-data with a reverse shell.
    Credential reuse let me su ben and grab user.txt

    Root came via a backdoored Erlang SSH daemon on localhost:2222 (hardcoded always-true auth, running as root) → trivial escalation to root Eshell and root.txt

    Key takeaways: exposed admin panels are goldmines, weak API auth leads to quick takeovers, credential reuse is still everywhere, and custom services with backdoors can hand you root on a platter.
    Loved the progression from web misconfig → file write → RCE → local privesc. Solid learning box!

    #HackTheBox #HTB #CyberSecurity #PenetrationTesting #CTF #PrivilegeEscalation #RCE #BugBounty #RedTeam …

    Learn MoreHack The Box: Soulmate machine walkthrough – Easy Difficulitty

    10 Jan, 2026
    Hack The Box: Previous Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , ,

    🎯 Just rooted the ‘Previous’ machine on Hack The Box!

    Started with a Next.js app exposing a path traversal bug in /api/download, leaked /etc/passwd → found user ‘jeremy’, then extracted the NextAuth provider code revealing credentials.

    Abused .terraformrc dev_overrides to load a malicious custom provider binary.
    Classic NextAuth misconfig + Terraform provider override chain. Loved the creativity!

    #HackTheBox #CTF #PrivilegeEscalation #PathTraversal #NextJS #Terraform #CyberSecurity #PenetrationTesting #BugBounty”

    Learn MoreHack The Box: Previous Machine Walkthrough – Medium Difficulty

    13 Dec, 2025
    Hack The Box: WhiteRabbit Machine Walkthough – Insane Difficulity
    Insane Machine , , , , , , , , , , , , , , , , ,

    Initial access was achieved through exposed monitoring and documentation services, which leaked internal service names and an unauthenticated workflow configuration. This disclosure revealed sensitive secrets, a vulnerable webhook parameter, and ultimately credentials for a backup system. Abuse of misconfigured backup tooling and sudo privileges allowed extraction of private SSH keys, enabling lateral movement across multiple user accounts and retrieval of the user flag.

    Privilege escalation to root involved reverse-engineering a custom SUID binary. Analysis exposed a predictable pseudorandom password generator caused by unsafe seeding logic and an integer overflow, significantly reducing entropy. Recreating the binary locally and brute-forcing the constrained seed space yielded valid credentials, granting SSH access to a privileged user with unrestricted sudo rights and full system compromise.

    This machine was a strong example of how exposed internal tooling, poor secret handling, and flawed custom binaries can combine into a complete attack chain.

    #HackTheBox #CyberSecurity #OffensiveSecurity #PenetrationTesting #RedTeam #PrivilegeEscalation #ReverseEngineering #LinuxSecurity #Infosec #CTF …

    Learn MoreHack The Box: WhiteRabbit Machine Walkthough – Insane Difficulity

    30 Nov, 2025
    Hack The Box: Era Machine Walkthrough – Medium Difficulity
    Medium Machine , , , , , , , , ,

    Compromising the Era HTB machine involved chaining multiple weaknesses across the web layer and system layer. Initial access was obtained through an IDOR flaw in a file-sharing platform, allowing unrestricted file retrieval by enumerating numeric IDs. Leaked backups exposed source code, plaintext credentials, and an SSH private key, enabling lateral movement as eric. Further analysis uncovered a root-executed integrity-check binary in a world-writable directory. By extracting its signature, injecting it into a backdoored replacement, and waiting for the cron job to trigger, privileged execution was achieved. A resulting callback delivered full root access and allowed retrieval of the final flag.

    #HTB #HackTheBox #CyberSecurity #Pentesting #WebSecurity #IDOR #PrivilegeEscalation #LinuxSecurity #RedTeam #CTF #InfoSec …

    Learn MoreHack The Box: Era Machine Walkthrough – Medium Difficulity

    13 Sep, 2025
    Hack The Box: Planning Machine Walkthrouh – Easy Diffucilty
    Easy Machine , , , , , , , , , , , , ,

    Introduction to Planning: In this write-up, we will explore the “Planning” machine from Hack The Box, categorised as an easy difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective: The

    Continue ReadingHack The Box: Planning Machine Walkthrouh – Easy Diffucilty

    6 Sep, 2025
    Hack The Box: Environment Machine Walkthough-Medium Difficulty
    Medium Machine , , , , , , , , , , , , ,

    Environment HTB: Full User & Root Flag Capture Through Exploitation

    Captured both the user and root flags on the Environment HTB machine! We exploited Laravel 11.30.0 (PHP 8.2.28) vulnerabilities, including argument injection (CVE-2024-52301) and UniSharp Laravel Filemanager code injection. By bypassing authentication with `–env=preprod` and leveraging the profile upload feature, we executed a PHP reverse shell and retrieved the user flag via `cat user.txt`. For root access, we decrypted `keyvault.gpg` from the `.gnupg` directory to obtain credentials and exploited sudo with preserved BASH\_ENV by crafting a script that spawned a privileged shell, ultimately gaining full control of the system.

    #CyberSecurity #HTB #PenTesting #EthicalHacking #LaravelExploits #PrivilegeEscalation #PHP #Infosec #BugBounty #RedTeam

    Learn MoreHack The Box: Environment Machine Walkthough-Medium Difficulty

    30 Aug, 2025
    Hack The Box: Eureka Machine Walkthrough – Hard Dificulty
    Hard Machine , , , , , , , , , , ,

    I enumerated Spring Boot Actuator endpoints, including /actuator/heapdump, which revealed plaintext credentials for oscar190. SSH login as oscar190 was successful, though the home directory was empty. Analysis of application.properties exposed Eureka credentials (EurekaSrvr:0scarPWDisTheB3st), granting access to the Eureka dashboard. By registering a malicious microservice, I retrieved miranda.wise credentials and captured the user flag. For privilege escalation, I identified a vulnerable log_analyse.sh script, performed command injection, and created a SUID bash shell in /tmp/bash. Executing this shell provided root access, allowing retrieval of the root flag and full control of the machine.

    #CyberSecurity #EthicalHacking #HackTheBox #PenTesting #PrivilegeEscalation #WebSecurity #SpringBoot #CTF #BugHunting #InfoSec #RedTeam #OffensiveSecurity …

    Learn MoreHack The Box: Eureka Machine Walkthrough – Hard Dificulty

    26 Jul, 2025
    Hack The Box: Cypher Machine Walkthrough – Medium Difficultyy
    Medium Machine , , , , , , , , , , ,

    Successfully exploited a vulnerable Neo4j database via Cypher injection to extract credentials, gain SSH access, and retrieve the user flag. Then leveraged a misconfigured `bbot` binary with sudo rights to set the SUID bit on `/bin/bash`, escalating privileges to root and capturing the root flag. #Cybersecurity #Neo4j #CypherInjection #PrivilegeEscalation #Pentesting #EthicalHacking #InfoSec …

    Learn MoreHack The Box: Cypher Machine Walkthrough – Medium Difficultyy

    5 Jul, 2025
    Hack The Box: Cat Machine Walkthrough – Medium Diffculity
    Medium Machine , , , , , , , , , , , , , , , ,

    Hack The Box Success: Cat Machine Write-Up Published!

    I’ve just published my personal write-up for the Cat machine on Hack The Box. In this challenge, I gained the user flag by exploiting a Stored XSS vulnerability to capture the admin session cookie, followed by an SQL Injection to extract credentials and gain SSH access. For the root flag, I took advantage of a vulnerable image processing script owned by root, crafting a payload to gain a root shell and retrieve the flag. The full write-up dives into each step, the logic behind the attacks, and key takeaways.

    #CyberSecurity #HackTheBox #PenetrationTesting #EthicalHacking #CTF #WriteUp #XSS #SQLi #PrivilegeEscalation #InfoSec #CTFWriteup …

    Learn MoreHack The Box: Cat Machine Walkthrough – Medium Diffculity