gobuster Archives - Threatninja.net

20 Jun, 2026

Hack The Box: Nanocorp Machine Walkhtrough – Hard Difficulity

Hard Machine Bloodhound, bloodyAD, BurpSuite, Challenges, CheckMK Agent, CVE-2024-0670, evil-winrm, gobuster, HackTheBox, hashcat, responsder, Windows

We completed the “Nanocorp” Active Directory lab on Hack The Box, covering full chain exploitation from initial access to domain compromise.

User access was achieved by exploiting a ZIP extraction flaw in a recruitment portal, leading to NTLM hash capture via a malicious .library-ms file and credential recovery for web_svc. Active Directory misconfigurations allowed privilege escalation to monitoring_svc through BloodHound-guided abuse of ForceChangePassword rights.

Root access was obtained after enumerating CheckMK Agent 2.1 on the Domain Controller. A web shell enabled command execution as web_svc, followed by exploitation of the CheckMK MSI repair process (CVE-2024-0670) using RunasCs to achieve SYSTEM-level access.

#HackTheBox #ActiveDirectory #Pentesting #RedTeam #PrivilegeEscalation #CyberSecurity #WindowsDomain #BloodHound …

Learn MoreHack The Box: Nanocorp Machine Walkhtrough – Hard Difficulity

17 Jun, 2026

Hack The Box: Abducted Machine Walkthrough – Medium Difficulty

Medium Machine Challenges, CVE-2026-4480, gobuster, HackTheBox, Linux, Penetration Testing, rclone, rpcclient, Samba, smbclient, ssh, sshkey-gen

Recently completed the Abducted machine from Hack The Box, a Medium-difficulty challenge that combined SMB enumeration, Samba exploitation, credential discovery, lateral movement, and Linux privilege escalation techniques.

The path to user access involved enumerating SMB shares and anonymous RPC services before exploiting a vulnerable Samba printer configuration to gain an initial foothold. Further enumeration revealed backup credentials stored within an Rclone configuration file, which were decrypted and reused to obtain access as a legitimate user. From there, a misconfigured Samba share enabled lateral movement to another account, ultimately leading to a systemd-based privilege escalation path and root access.

This machine provided valuable practice in chaining multiple weaknesses together and demonstrated how exposed credentials, insecure service configurations, and share misconfigurations can collectively lead to full system compromise.

Key takeaways:
✅ SMB and RPC enumeration can reveal valuable attack paths
✅ Exposed credentials often provide opportunities for lateral movement
✅ Misconfigured Samba shares can introduce serious security risks
✅ Service configuration weaknesses can lead to privilege escalation
✅ Small misconfigurations can be chained into complete system compromise

#CyberSecurity #EthicalHacking #PenetrationTesting #PrivilegeEscalation #RedTeam #LinuxSecurity #SMB #Samba #CTF #HackTheBox #InfoSec #SecurityResearch …

Learn MoreHack The Box: Abducted Machine Walkthrough – Medium Difficulty

13 Jun, 2026

Hack The Box – VariaType Machine Walkthrough Medium Difficulty

Medium Machine BurpSuite, Challenges, CVE-2024-25081, CVE-2024-25082, CVE-2025-66034, fontforge, git, git log, git-dumper, gobuster, HackTheBox, Linux, Penetration Testing, python3, ssh

Recently completed a Medium-difficulty machine that combined web exploitation, file-processing abuse, and privilege escalation techniques.

The path to user access involved leveraging a vulnerable backend font-processing workflow and a ZIP-based exploitation chain to obtain a reverse shell and pivot to a legitimate user account. From there, further enumeration uncovered a misconfigured sudo rule that allowed privilege escalation to root through a Python-based validation script.

This machine provided valuable practice in identifying attack paths, chaining vulnerabilities, and understanding how seemingly minor misconfigurations can lead to full system compromise.

Key takeaways:
✅ Thorough enumeration is critical
✅ File-processing functionality can introduce unexpected attack surfaces
✅ Misconfigured sudo permissions remain a common privilege-escalation vector

#CyberSecurity #EthicalHacking #PenetrationTesting #PrivilegeEscalation #RedTeam #LinuxSecurity #CTF #HackTheBox #InfoSec #SecurityResearch …

Learn MoreHack The Box – VariaType Machine Walkthrough Medium Difficulty

6 Jun, 2026

Hack The Box: Facts Machine Walkthrough – Easy Difficulty

Easy Machine BurpSuite, Camaleon CMS, Challenges, CVE-2025-2304, facter, gobuster, gtfobins, HackTheBox, john the ripper, Linux, Penetration Testing, python3, ssh

Completed the Facts machine from Hack The Box, an easy-rated Linux challenge that combined web exploitation, cloud storage enumeration, SSH key recovery, and privilege escalation.

The initial foothold came from exploiting CVE-2025-2304, a mass assignment vulnerability in Camaleon CMS 2.9.0, which allowed privilege escalation from a low-privileged user to administrator. Access to the administration panel exposed S3 configuration details and credentials, leading to enumeration of an internal bucket containing an encrypted SSH private key. After recovering the key’s passphrase with John the Ripper, SSH access as the trivia user was obtained.

Privilege escalation to root involved abusing facter, a Ruby-based utility executable via sudo without a password. By leveraging its –custom-dir option to load a malicious custom fact, arbitrary commands were executed as root, resulting in full system compromise.

A great machine that highlights the impact of insecure parameter handling, cloud storage exposure, and the risks associated with misconfigured sudo privileges.

#HackTheBox #HTB #Facts #CyberSecurity #PenetrationTesting #EthicalHacking #RedTeam #PrivilegeEscalation #Linux #AWS #S3 #CamaleonCMS #CVE20252304 #JohnTheRipper #Ruby #Infosec #CTF #CyberSecurityLearning …

Learn MoreHack The Box: Facts Machine Walkthrough – Easy Difficulty

23 May, 2026

Hack The Box: MonitorsFour Machine Walkthrough – Easy Diffucilty

Easy Machine BurpSuite, cacti, Challenges, CVE-2025-24367, docker, Docker API Abuse, gobuster, HackTheBox, Linux, Penetration Testing, rustscan, Windows

Wrapped up another solid box with a clean chain from web exploitation to full host compromise.

Gained initial access through an IDOR vulnerability on the /user endpoint, which exposed an admin hash that cracked to wonderful1. This provided access to the Cacti dashboard as marcus. From there, exploiting CVE-2025-24367 led to a reverse shell inside a Docker container as www-data, where the user flag was retrieved.

Privilege escalation came from spotting an exposed Docker API. By deploying a privileged container and mounting the host filesystem, it was possible to break out of the container and access the Windows host, ultimately retrieving the root flag.

Nice reminder of how small web flaws can cascade into full infrastructure compromise when combined with misconfigurations like exposed Docker daemons.

#cybersecurity #penetrationtesting #redteam #docker #privilegeescalation #websecurity #ethicalhacking #infosec …

Learn MoreHack The Box: MonitorsFour Machine Walkthrough – Easy Diffucilty

16 May, 2026

Hack The Box: Pterodactyl Machine Walkthrough – Medium Difficulity

Medium Machine BurpSuite, Challenges, CVE-2025-49132, CVE-2025-6018, CVE-2025-6019, gobuster, HackTheBox, hashcat, Linux, mariadb, Penetration Testing, python3, ssh

Completed the Pterodactyl machine on Hack The Box, focusing on end-to-end exploitation.

The attack started with a path traversal vulnerability (CVE-2025-49132) in the Pterodactyl Panel, leading to unauthenticated RCE. This access allowed database extraction, credential recovery, and SSH access as a low-privileged user.

Privilege escalation was achieved through PAM environment variable poisoning (CVE-2025-6018), followed by a more stable root shell using a libblockdev/udisks race condition (CVE-2025-6019).

A solid exercise in chaining web exploitation with local privilege escalation techniques.

#HackTheBox #CyberSecurity #EthicalHacking #PenetrationTesting #RedTeam #CTF #Linux #PrivilegeEscalation #WebSecurity …

Learn MoreHack The Box: Pterodactyl Machine Walkthrough – Medium Difficulity

14 Mar, 2026

Hack The Box: Gavel Machine Walkthrough – Medium Difficulity

Medium Machine BurpSuite, Challenges, curl, gavel-util, git-dumper, gobuster, HackTheBox, john, Linux, Penetration Testing, source code review, SQL Injection, ssh

Completed the Gavel (Medium) machine on Hack The Box. The initial foothold came from an exposed .git directory that leaked the application’s source code and bcrypt password hashes. After cracking the credentials with John the Ripper, I gained access and achieved a reverse shell through command injection in the admin rule field. Reusing the cracked credentials allowed privilege escalation to the application user and retrieval of the user flag.

Root access was obtained by abusing the gavel-util submission feature, which executed YAML rule fields using PHP system(). By overwriting the custom php.ini to remove restrictions and creating a SUID Bash binary, it was possible to spawn a root shell and capture the final flag.

#HackTheBox #HTB #CyberSecurity #EthicalHacking #PenetrationTesting #RedTeam #LinuxSecurity #WebSecurity #PrivilegeEscalation #CTF …

Learn MoreHack The Box: Gavel Machine Walkthrough – Medium Difficulity

14 Feb, 2026

Hack The Box: Soulmate machine walkthrough – Easy Difficulitty

Easy Machine BurpSuite, Challenges, crushftp, erlang SSH, ffuf, gobuster, HackTheBox, Linux, Penetration Testing, ssh

Just completed the Soulmate machine on Hack The Box — rated Easy, but packed with a satisfying vuln chain!
Started with subdomain enumeration → discovered an exposed CrushFTP admin panel on ftp.soulmate.htb. Exploited an unauthenticated API flaw (CVE-2025-31161 style) in the /WebInterface/function/ endpoint to enumerate users and create a backdoor admin account. From there, abused broken access controls in User Manager to reset the “ben” account password. Logged in as “ben” → gained VFS access to /webProd (the main web root), uploaded a PHP webshell → got RCE as www-data with a reverse shell.
Credential reuse let me su ben and grab user.txt

Root came via a backdoored Erlang SSH daemon on localhost:2222 (hardcoded always-true auth, running as root) → trivial escalation to root Eshell and root.txt

Key takeaways: exposed admin panels are goldmines, weak API auth leads to quick takeovers, credential reuse is still everywhere, and custom services with backdoors can hand you root on a platter.
Loved the progression from web misconfig → file write → RCE → local privesc. Solid learning box!

#HackTheBox #HTB #CyberSecurity #PenetrationTesting #CTF #PrivilegeEscalation #RCE #BugBounty #RedTeam …

Learn MoreHack The Box: Soulmate machine walkthrough – Easy Difficulitty

10 Jan, 2026

Hack The Box: Previous Machine Walkthrough – Medium Difficulty

Medium Machine BurpSuite, Challenges, CVECVE-2025-29927, gcc, gobuster, HackTheBox, Linux, Path Traversal, Penetration Testing, PreviousJS, python3, ssh, terraform

🎯 Just rooted the ‘Previous’ machine on Hack The Box!

Started with a Next.js app exposing a path traversal bug in /api/download, leaked /etc/passwd → found user ‘jeremy’, then extracted the NextAuth provider code revealing credentials.

Abused .terraformrc dev_overrides to load a malicious custom provider binary.
Classic NextAuth misconfig + Terraform provider override chain. Loved the creativity!

#HackTheBox #CTF #PrivilegeEscalation #PathTraversal #NextJS #Terraform #CyberSecurity #PenetrationTesting #BugBounty”
…

Learn MoreHack The Box: Previous Machine Walkthrough – Medium Difficulty

13 Dec, 2025

Hack The Box: WhiteRabbit Machine Walkthough – Insane Difficulity

Insane Machine 7zip, Authentication Bypass, BurpSuite, Challenges, ffuf, ghidra, gobuster, HackTheBox, Linux, n8n, neo-password-generator, Penetration Testing, python3, restic, SQL Injection, ssh, Uptime Kuma, webhook

Initial access was achieved through exposed monitoring and documentation services, which leaked internal service names and an unauthenticated workflow configuration. This disclosure revealed sensitive secrets, a vulnerable webhook parameter, and ultimately credentials for a backup system. Abuse of misconfigured backup tooling and sudo privileges allowed extraction of private SSH keys, enabling lateral movement across multiple user accounts and retrieval of the user flag.

Privilege escalation to root involved reverse-engineering a custom SUID binary. Analysis exposed a predictable pseudorandom password generator caused by unsafe seeding logic and an integer overflow, significantly reducing entropy. Recreating the binary locally and brute-forcing the constrained seed space yielded valid credentials, granting SSH access to a privileged user with unrestricted sudo rights and full system compromise.

This machine was a strong example of how exposed internal tooling, poor secret handling, and flawed custom binaries can combine into a complete attack chain.

#HackTheBox #CyberSecurity #OffensiveSecurity #PenetrationTesting #RedTeam #PrivilegeEscalation #ReverseEngineering #LinuxSecurity #Infosec #CTF …

Learn MoreHack The Box: WhiteRabbit Machine Walkthough – Insane Difficulity

Threatninja.net

Threatninja.net

Tag Archives: gobuster