MySQL

Hack The Box: Outbound Machine Walkthrough – Easy Difficulty

Successfully completed the Outbound HTB machine. Initial access was gained by exploiting CVE‑2025‑49113 in Roundcube 1.6.10 using Tyler’s credentials, which allowed remote code execution.

Investigation of Roundcube’s configuration revealed database credentials, enabling decryption of Jacob’s session data and retrieval of his plaintext password. Using this, SSH access was obtained to capture the user flag.

Privilege escalation was achieved via CVE‑2025‑27591 by exploiting a world-writable /var/log/below directory, allowing command execution as root and retrieval of the root flag. This walkthrough highlights the importance of secure configuration, patching, and proper permission management.

#HackTheBox #CyberSecurity #PenTesting #EthicalHacking #VulnerabilityExploitation #Roundcube #PrivilegeEscalation #LinuxSecurity #CVE2025

Hack The Box: Certificate Machine Walkthrough – Hard Difficulty

I recently completed the “Certificate” challenge on Hack The Box: after extracting and cracking a captured authentication hash I gained access to a user account (lion.sk) and retrieved the user flag, then progressed to full system compromise by responsibly exploiting weak certificate‑based authentication controls—obtaining and converting certificate material into elevated credentials to capture the root flag. The exercise reinforced how misconfigurations in certificate services and poor time synchronization can create powerful escalation paths, and highlighted the importance of least‑privilege, strict enrollment policies, and monitoring certificate issuance. Great hands‑on reminder that defensive hygiene around PKI and identity services matters.

#CyberSecurity #HTB #Infosec #ADCS #Certificates #PrivilegeEscalation #RedTeam #Pentesting

HackTheBox – BigBang Machine Walkthrough (Hard Difficulty)

Chained exploitation through a misconfigured web app and internal services. We started by exploiting a WordPress plugin vulnerability (CVE-2023-26326) to upload files, followed by a file read vulnerability (CVE-2024-2961) for remote code execution. From there, we cracked the database credentials, gained SSH access as the shawking user, and leveraged a vulnerable API endpoint to escalate to root. This highlights how overlooked configurations and service misconfigurations can lead to a full server compromise.

#CTF #PrivilegeEscalation #WebSecurity #CommandInjection #SSH #WordPress #LinuxPentesting #BugBounty #HackTheBox #RedTeam #CyberSecurity