hashcat Archives - Page 2 of 6

23 Aug, 2025

Hack The Box: TheFrizz Machine Walkthrough – Medium Difficulity

Medium Machine BloodHoundCE, BurpSuite, Challenges, CVE-2023-34598, faketime, Gibbon, HackTheBox, hashcat, impacket, Local Fle Inclusion, Penetration Testing, python3, SharpGPOAbuse, sqlite3, ssh, Windows

I successfully captured both user and root flags by exploiting a file upload vulnerability to gain a web shell, extracting database credentials from config.php, and cracking the user hash to reveal the password Jenni_Luvs_Magic23. Using these credentials, I accessed the web application, discovered an SSH migration hint, and leveraged a Kerberos ticket (f.frizzle.ccache) to gain SSH access and retrieve the user flag with type user.txt. For the root flag, I escalated privileges using M.SchoolBus and SharpGPOAbuse to manipulate SleepGPO, applied changes with gpupdate.exe /force, extracted credentials with secretdump, and used wmiexec to secure a root-level shell, ultimately reading the root flag with type root.txt.

#Cybersecurity #CTF #EthicalHacking #PenetrationTesting …

Learn MoreHack The Box: TheFrizz Machine Walkthrough – Medium Difficulity

16 Aug, 2025

Hack The Box: Nocturnal Machine Walkthrough – Easy Difficulty

Easy Machine BurpSuite, Challenges, CVE-2023-46818, HackTheBox, hashcat, ispconfig, Linux, port forwarding, python3, sqlite3, ssh, xmllint

Captured the user flag by exploiting a file upload feature, unpacking .odt files to reveal a hidden password with xmllint, and injecting a reverse shell via the backup feature to get a www-data shell. Retrieved hashes from the nocturnal_database, cracked Tobias’s password (slowmotionapocalypse), and obtained the user flag. For the root flag, enumerated open ports, found port 8080 running ISPConfig, accessed it with admin credentials, identified the version, executed a public exploit, and gained root shell to capture the root flag.

#HTB #HackTheBox #CyberSecurity #RedTeam #CTF #PenTesting #Nocturnal #LinuxExploitation #WebExploitation #PrivilegeEscalation …

Learn MoreHack The Box: Nocturnal Machine Walkthrough – Easy Difficulty

19 Jul, 2025

Hack The Box: Scepter Machine Walkthrough – Hard Difficulty

Hard Machine ADCS, Bloodhound, bloodyAD, Certipy, Challenges, ESC14, ESC9, evil-winrm, HackTheBox, hashcat, ldapsearch, nfs, openssl, Penetration Testing, showmount, Windows

I conquered the “Scepter” machine on Hack The Box, a challenging Active Directory exploit! Initially, I cracked weak .pfx certificate passwords using pfx2john and rockyou.txt. After syncing time, I extracted D.BAKER’s NTLM hash via Certipy and used BloodHound to reveal A.CARTER’s password reset privileges, exploiting ESC9 to capture the user flag. Subsequently, H.BROWN’s access to P.ADAMS’s altSecurityIdentities enabled an ESC14 attack, forging a certificate for passwordless authentication. Consequently, P.ADAMS’s DCSync rights allowed domain hash extraction, securing the root flag via Evil-WinRM.

#Cybersecurity #HackTheBox #ActiveDirectory #PrivilegeEscalation #CTF #EthicalHacking …

Learn MoreHack The Box: Scepter Machine Walkthrough – Hard Difficulty

5 Jul, 2025

Hack The Box: Cat Machine Walkthrough – Medium Diffculity

Medium Machine BurpSuite, Challenges, command injection, Cross Site Scripting, git-dumper, Gitea, gobuster, HackTheBox, hashcat, Linux, Penetration Testing, port forwarding, source code review, SQL, SQL Injection, sqlite3, ssh

Hack The Box Success: Cat Machine Write-Up Published!

I’ve just published my personal write-up for the Cat machine on Hack The Box. In this challenge, I gained the user flag by exploiting a Stored XSS vulnerability to capture the admin session cookie, followed by an SQL Injection to extract credentials and gain SSH access. For the root flag, I took advantage of a vulnerable image processing script owned by root, crafting a payload to gain a root shell and retrieve the flag. The full write-up dives into each step, the logic behind the attacks, and key takeaways.

#CyberSecurity #HackTheBox #PenetrationTesting #EthicalHacking #CTF #WriteUp #XSS #SQLi #PrivilegeEscalation #InfoSec #CTFWriteup …

Learn MoreHack The Box: Cat Machine Walkthrough – Medium Diffculity

14 Jun, 2025

Hack The Box: Inflitrator Machine Walkthrough – Insane Difficulity

Insane Machine bitlocker, Bloodhound, BloodHoundCE, bloodyAD, BurpSuite, Certipy, Challenges, evil-winrm, HackTheBox, hashcat, impacket, john the ripper, kerbrute, Output Messenger, Penetration Testing, RDP, sqlite3, Windows, Wireshark

Successfully completed a two-stage Active Directory exploitation scenario involving both user access and privilege escalation. The first stage focused on identifying accounts that did not require Kerberos pre-authentication (AS-REP Roasting), allowing extraction and cracking of a user password hash to gain remote access and retrieve the user flag. In the second stage, a misconfigured certificate template (ESC4 vulnerability) within Active Directory Certificate Services was exploited to request a certificate impersonating a privileged user. This enabled full administrative access and retrieval of the root flag.

#CyberSecurity #ActiveDirectory #RedTeam #Kerberos #PrivilegeEscalation #ASREP #ADCS #ESC4 #PenetrationTesting #Infosec #HackTheBox #WindowsSecurity #CTF
Successfully completed a two-stage Active Directory exploitation scenario involving both user access and privilege escalation. The first stage focused on identifying accounts that did not require Kerberos pre-authentication (AS-REP Roasting), allowing extraction and cracking of a user password hash to gain remote access and retrieve the user flag. In the second stage, a misconfigured certificate template (ESC4 vulnerability) within Active Directory Certificate Services was exploited to request a certificate impersonating a privileged user. This enabled full administrative access and retrieval of the root flag.

#CyberSecurity #ActiveDirectory #RedTeam #Kerberos #PrivilegeEscalation #ASREP #ADCS #ESC4 #PenetrationTesting #Infosec #HackTheBox #WindowsSecurity #CTF
…

Learn MoreHack The Box: Inflitrator Machine Walkthrough – Insane Difficulity

17 May, 2025

Hack The Box: Heal Machine Walkthrough – Medium Difficulty

Medium Machine BurpSuite, Challenges, consul, HackTheBox, hashcat, jwt, LimeSurvey, Linux, Path Traversal, Penetration Testing, port forwarding, rails, ruby, sqlite3, ssh

Writeup Summary: Heal (Hack The Box)

This box involved thorough enumeration that uncovered multiple subdomains, including a Ruby on Rails API. Initial access was gained by chaining a Local File Inclusion vulnerability with password cracking and exploiting a LimeSurvey plugin upload vulnerability. Privilege escalation was achieved by identifying and exploiting an exposed Consul service accessible through SSH port forwarding.

This challenge showcased key red teaming skills: web application exploitation, misconfiguration abuse, credential harvesting, and lateral movement.

#HackTheBox #CyberSecurity #RedTeam #PrivilegeEscalation #BugBounty #WebSecurity #Infosec #CTF #HTB #OffensiveSecurity #LinuxExploitation …

Learn MoreHack The Box: Heal Machine Walkthrough – Medium Difficulty

10 May, 2025

Hack The Box: Underpass Machine Walkthrough – Easy Difficulty

Easy Machine apache2, Challenges, Daloradius, gobuster, HackTheBox, hashcat, Linux, mosh-server, Penetration Testing, snmp

Successfully completed the “Underpass” machine on Hack The Box! For the user flag, I enumerated SNMP to discover a Daloradius instance, logged in with default credentials, cracked an MD5-hashed password for the svcMosh account, and used SSH to access the user flag in its home directory. To capture the root flag, I escalated privileges by exploiting sudo permissions on mosh-server, obtaining a session key and port to establish a root session and retrieve the flag from /root/root.txt.

#Cybersecurity #HackTheBox #CaptureTheFlag #PenetrationTesting #LinuxSecurity #PrivilegeEscalation #SNMP #Daloradius #EthicalHacking #InformationSecurity …

Learn MoreHack The Box: Underpass Machine Walkthrough – Easy Difficulty

3 May, 2025

HackTheBox – BigBang Machine Walkthrough (Hard Difficulty)

Hard Machine Android, BuddyForms, BurpSuite, Challenges, chisel, CVE-2023-26326, CVE-2024-2961, file upload, gobuster, grafana, grafana2hashcat, HackTheBox, hashcat, Linux, Local File Inclusion (LFI), MySQL, Penetration Testing, port forwarding, python3, Remote Code Execution (RCE) in WordPress, Server Misconfigurations, Wordpress

Chained exploitation through misconfigured web app and internal services. We started by exploiting a WordPress plugin vulnerability (CVE-2023-26326) to upload files, followed by a file read vulnerability (CVE-2024-2961) for remote code execution. From there, we cracked the database credentials, gained SSH access as the shawking user, and leveraged a vulnerable API endpoint to escalate to root. This highlights how overlooked configurations and service misconfigurations can lead to a full server compromise.

#CTF #PrivilegeEscalation #WebSecurity #CommandInjection #SSH #WordPress #LinuxPentesting #BugBounty #HackTheBox #RedTeam #CyberSecurity …

Learn MoreHackTheBox – BigBang Machine Walkthrough (Hard Difficulty)

19 Apr, 2025

Hack The Box: Administrator Walkthrough Medium Difficulty

Medium Machine BloodHoundCE, Challenges, crackmapexec, evil-winrm, ftp, HackTheBox, hashcat, Penetration Testing, pwsafe, TargetedKerberoast, Windows

Chained privilege escalation on an AD environment via misconfigured permissions — no CVEs, just clever abuse of default rights. From Olivia to Emily to Ethan, we pivoted through user relationships using BloodHound, CrackMapExec, Kerberoasting, and WinRM access. Highlighting how overlooked configurations can lead to full domain compromise.

#ActiveDirectory #PrivilegeEscalation #BloodHound #Kerberoasting #HackTheBox #RedTeam #CyberSecurity #WindowsPentest …

Learn MoreHack The Box: Administrator Walkthrough Medium Difficulty

5 Apr, 2025

Hack The Box: Ghost Machine Walkthrough – Insane Difficulty

Insane Machine adfs abuse attack, ADFSDump, ADFSSpoof, Bloodhound, BloodHoundCE, BurpSuite, Challenges, command injection, docker, efspotatoo, evil-winrm, Gitea, HackTheBox, hashcat, JokerShell, kerberos, LFI, Linux, mimkatz, Penetration Testing, responder, rubeus.exe, SQL, ssh

The initial foothold was gained by exploiting command injection on intranet.ghost.htb:8008/api-dev/scan/, which provided a reverse shell inside a Docker container. From there, I enumerated the environment and discovered credentials that allowed SSH access as Florence Ramirez. By extracting and converting a Kerberos ticket, I authenticated as a legitimate user, escalating access within the system. With access to the Windows environment, I retrieved NTLM hashes for the adfs_gmsa account and leveraged evil-winrm for lateral movement. A reverse shell was established using JokerShell, and privileges were escalated by enabling xp_cmdshell through a debug interface. After uploading EfsPotato.cs and disabling antivirus, I used Mimikatz and Rubeus.exe to dump credentials, ultimately achieving SYSTEM access. This led to the extraction of domain admin credentials and the retrieval of the root flag. Another Insane box down! 💀💻

#HackTheBox #RedTeam #CyberSecurity #PenTesting #PrivilegeEscalation #EthicalHacking …

Learn MoreHack The Box: Ghost Machine Walkthrough – Insane Difficulty

Threatninja.net

Threatninja.net

Hack The Box: TheFrizz Machine Walkthrough – Medium Difficulity

Hack The Box: Nocturnal Machine Walkthrough – Easy Difficulty

Hack The Box: Scepter Machine Walkthrough – Hard Difficulty

Hack The Box: Cat Machine Walkthrough – Medium Diffculity

Hack The Box: Inflitrator Machine Walkthrough – Insane Difficulity

Hack The Box: Heal Machine Walkthrough – Medium Difficulty

Hack The Box: Underpass Machine Walkthrough – Easy Difficulty

HackTheBox – BigBang Machine Walkthrough (Hard Difficulty)

Hack The Box: Administrator Walkthrough Medium Difficulty

Hack The Box: Ghost Machine Walkthrough – Insane Difficulty

Threatninja.net

Threatninja.net

Tag Archives: hashcat