Path Traversal

Hack The Box: Previous Machine Walkthrough – Medium Difficulty

by darknite
2026-01-10

🎯 Just rooted the ‘Previous’ machine on Hack The Box!

Started with a Next.js app exposing a path traversal bug in /api/download, leaked /etc/passwd → found user ‘jeremy’, then extracted the NextAuth provider code revealing credentials.

Abused .terraformrc dev_overrides to load a malicious custom provider binary.
Classic NextAuth misconfig + Terraform provider override chain. Loved the creativity!

#HackTheBox #CTF #PrivilegeEscalation #PathTraversal #NextJS #Terraform #CyberSecurity #PenetrationTesting #BugBounty”

Hack The Box: Heal Machine Walkthrough – Medium Difficulty

by darknite
2025-05-17

Writeup Summary: Heal (Hack The Box)

This box involved thorough enumeration that uncovered multiple subdomains, including a Ruby on Rails API. Initial access was gained by chaining a Local File Inclusion vulnerability with password cracking and exploiting a LimeSurvey plugin upload vulnerability. Privilege escalation was achieved by identifying and exploiting an exposed Consul service accessible through SSH port forwarding.

This challenge showcased key red teaming skills: web application exploitation, misconfiguration abuse, credential harvesting, and lateral movement.

#HackTheBox #CyberSecurity #RedTeam #PrivilegeEscalation #BugBounty #WebSecurity #Infosec #CTF #HTB #OffensiveSecurity #LinuxExploitation

Hack The Box: Inject Machine Walkthrough – Easy Difficulty

by darknite
2023-07-09

In this post, I would like to share a walkthrough of the Inject Machine from Hack the Box This room will be considered an Easy machine… Read More »Hack The Box: Inject Machine Walkthrough – Easy Difficulty