• Search for:

    Tag Archives: jwt

    1. Home  - 
    2. Posts tagged "jwt"
    7 Jun, 2025
    Hack The Box: Backfire Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , ,

    Successfully rooted another Hack The Box machine by chaining multiple vulnerabilities across custom C2 frameworks. For the user flag, we exploited an SSRF vulnerability (CVE-2024-41570) in the Havoc C2 framework to access internal services, which we then chained with an authenticated RCE to execute arbitrary commands and gain a reverse shell as the ilya user. To maintain stable access, SSH keys were added for persistence, allowing us to retrieve the user.txt flag. For the root flag, we targeted the Hardhat C2 service by forging a valid JWT with a Python script to create an admin user, which provided shell access as sergej. Upon privilege escalation analysis, we found that sergej had sudo access to the iptables-save binary. This was abused to overwrite the /etc/sudoers file and escalate to root, ultimately retrieving the root.txt flag. Another great learning experience on the path to mastering offensive security!

    #HackTheBox #CyberSecurity #InfoSec #RedTeam #CTF #PrivilegeEscalation #RCE #SSRF #Linux #HTB #EthicalHacking #PenetrationTesting #HavocC2 #HardhatC2 #JWT #SudoExploit #OSCP #BugBounty …

    Learn MoreHack The Box: Backfire Machine Walkthrough – Medium Difficulty

    17 May, 2025
    Hack The Box: Heal Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , , , ,

    Writeup Summary: Heal (Hack The Box)

    This box involved thorough enumeration that uncovered multiple subdomains, including a Ruby on Rails API. Initial access was gained by chaining a Local File Inclusion vulnerability with password cracking and exploiting a LimeSurvey plugin upload vulnerability. Privilege escalation was achieved by identifying and exploiting an exposed Consul service accessible through SSH port forwarding.

    This challenge showcased key red teaming skills: web application exploitation, misconfiguration abuse, credential harvesting, and lateral movement.

    #HackTheBox #CyberSecurity #RedTeam #PrivilegeEscalation #BugBounty #WebSecurity #Infosec #CTF #HTB #OffensiveSecurity #LinuxExploitation …

    Learn MoreHack The Box: Heal Machine Walkthrough – Medium Difficulty

    26 Feb, 2023
    Hack The Box: Awkward Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Awkward Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the Awkward machine? For the user

    Continue ReadingHack The Box: Awkward Machine Walkthrough – Medium Difficulty

    23 May, 2022
    HackTheBox: Backendtwo Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Backendtwo Machine from Hack the Box This room will be considered a medium machine on Hack The box What will you gain from the Backendtwo machine? For the user flag, you

    Continue ReadingHackTheBox: Backendtwo Machine Walkthrough – Medium Difficulty

    4 Dec, 2021
    HackTheBox: Unicode Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Unicode Machine from Hack the Box This room has been considered difficulty rated as a medium machine on Hack The Box What will you gain from the Unicode machine? For the user

    Continue ReadingHackTheBox: Unicode Walkthrough – Medium Difficulty

    1 Jun, 2021
    HackTheBox: Cereal Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , , , , , , , , ,

    In this post, i would like to share a walkthrough of the Cereal Machine. This room has been considered difficulty rated as a Hard machine Information Gathering on Cereal machine Once we have started the VPN connection, we can start the information gathering on

    Continue ReadingHackTheBox: Cereal Machine Walkthrough – Hard Difficulty

    22 Mar, 2021
    HacktheBox:Thenotebook Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , ,

    In this post, i would like to share a walkthrough of TheNotebook Machine. This room has been considered difficulty rated as a MEDIUM machine Once we have started the VPN connection, we can start the information gathering on the machine by executing the command nmap

    Continue ReadingHacktheBox:Thenotebook Machine Walkthrough – Medium Difficulty