• Search for:

    Tag Archives: source code review

    1. Home  - 
    2. Posts tagged "source code review"
    21 Mar, 2026
    Hack The Box: Conversor Machine Walkhtrough – Easy Difficulity
    Medium Machine , , , , , , , , , ,

    Successfully completed the Conversor machine on Hack The Box, focusing on web exploitation and privilege escalation techniques.

    For the user flag, initial access was gained by exploiting an insecure XSLT file upload feature. By leveraging EXSLT, I was able to write and execute a malicious script on the server, resulting in a reverse shell as a low-privileged user. Further enumeration uncovered a SQLite database containing hashed credentials, which were cracked to obtain valid SSH access and retrieve the user flag.

    For the root flag, privilege escalation was achieved through a misconfigured sudo permission allowing execution of needrestart. This was abused to run a crafted script that modified system binaries, ultimately granting root-level access via a SUID bash shell and completing the machine.

    #HackTheBox #CyberSecurity #EthicalHacking #PenetrationTesting #WebSecurity #PrivilegeEscalation #RedTeam #InfoSec #CaptureTheFlag #CTF …

    Learn MoreHack The Box: Conversor Machine Walkhtrough – Easy Difficulity

    14 Mar, 2026
    Hack The Box: Gavel Machine Walkthrough – Medium Difficulity
    Medium Machine , , , , , , , , , , , ,

    Completed the Gavel (Medium) machine on Hack The Box. The initial foothold came from an exposed .git directory that leaked the application’s source code and bcrypt password hashes. After cracking the credentials with John the Ripper, I gained access and achieved a reverse shell through command injection in the admin rule field. Reusing the cracked credentials allowed privilege escalation to the application user and retrieval of the user flag.

    Root access was obtained by abusing the gavel-util submission feature, which executed YAML rule fields using PHP system(). By overwriting the custom php.ini to remove restrictions and creating a SUID Bash binary, it was possible to spawn a root shell and capture the final flag.

    #HackTheBox #HTB #CyberSecurity #EthicalHacking #PenetrationTesting #RedTeam #LinuxSecurity #WebSecurity #PrivilegeEscalation #CTF …

    Learn MoreHack The Box: Gavel Machine Walkthrough – Medium Difficulity

    5 Jul, 2025
    Hack The Box: Cat Machine Walkthrough – Medium Diffculity
    Medium Machine , , , , , , , , , , , , , , , ,

    Hack The Box Success: Cat Machine Write-Up Published!

    I’ve just published my personal write-up for the Cat machine on Hack The Box. In this challenge, I gained the user flag by exploiting a Stored XSS vulnerability to capture the admin session cookie, followed by an SQL Injection to extract credentials and gain SSH access. For the root flag, I took advantage of a vulnerable image processing script owned by root, crafting a payload to gain a root shell and retrieve the flag. The full write-up dives into each step, the logic behind the attacks, and key takeaways.

    #CyberSecurity #HackTheBox #PenetrationTesting #EthicalHacking #CTF #WriteUp #XSS #SQLi #PrivilegeEscalation #InfoSec #CTFWriteup …

    Learn MoreHack The Box: Cat Machine Walkthrough – Medium Diffculity

    19 Jan, 2023
    Hack The Box: Forgot Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Forgot Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the Forgot machine? For the user

    Continue ReadingHack The Box: Forgot Machine Walkthrough – Medium Difficulty

    12 Sep, 2022
    Hack The Box: UpDown Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the UpDown Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the UpDown machine? For the user flag,

    Continue ReadingHack The Box: UpDown Machine Walkthrough – Medium Difficulty

    15 Jul, 2022
    Hack The Box: Faculty Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Faculty Machine from Hack the Box This room will be considered a Medium machine on Hack The box What will you gain from the faculty machine? For the user flag,

    Continue ReadingHack The Box: Faculty Machine Walkthrough – Medium Difficulty

    29 Mar, 2022
    Hack The Box: Phoenix Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Phoenix Machine from Hack the Box This room will be considered as a Hard machine on Hack The box What will you gain from the Phoenix machine? For the user flag, you

    Continue ReadingHack The Box: Phoenix Machine Walkthrough – Hard Difficulty

    23 Jan, 2022
    Hack The Box: Admirertoo Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , , , , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Admirertoo Machine from Hack the Box This room will be considered as a Hard machine on Hack The box What will you gain from Admirertoo machine? For the user flag, you will

    Continue ReadingHack The Box: Admirertoo Machine Walkthrough – Hard Difficulty

    8 Jan, 2022
    HackTheBox: Search Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Search Machine from Hack the Box This room has been considered difficulty rated as a Hard machine on Hack The box What will you gain from Search machine? For the user flag,

    Continue ReadingHackTheBox: Search Machine Walkthrough – Hard Difficulty

    18 Dec, 2021
    Hack The Box: Timing Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Timing Machine from Hack the Box This room has been considered difficulty rated as a medium machine on Hack The box What will you gain from Timing machine? For the user flag,

    Continue ReadingHack The Box: Timing Walkthrough – Medium Difficulty