• Search for:

    Tag Archives: SQL Injection

    1. Home  - 
    2. Posts tagged "SQL Injection"
    14 Mar, 2026
    Hack The Box: Gavel Machine Walkthrough – Medium Difficulity
    Medium Machine , , , , , , , , , , , ,

    Completed the Gavel (Medium) machine on Hack The Box. The initial foothold came from an exposed .git directory that leaked the application’s source code and bcrypt password hashes. After cracking the credentials with John the Ripper, I gained access and achieved a reverse shell through command injection in the admin rule field. Reusing the cracked credentials allowed privilege escalation to the application user and retrieval of the user flag.

    Root access was obtained by abusing the gavel-util submission feature, which executed YAML rule fields using PHP system(). By overwriting the custom php.ini to remove restrictions and creating a SUID Bash binary, it was possible to spawn a root shell and capture the final flag.

    #HackTheBox #HTB #CyberSecurity #EthicalHacking #PenetrationTesting #RedTeam #LinuxSecurity #WebSecurity #PrivilegeEscalation #CTF …

    Learn MoreHack The Box: Gavel Machine Walkthrough – Medium Difficulity

    13 Dec, 2025
    Hack The Box: WhiteRabbit Machine Walkthough – Insane Difficulity
    Insane Machine , , , , , , , , , , , , , , , , ,

    Initial access was achieved through exposed monitoring and documentation services, which leaked internal service names and an unauthenticated workflow configuration. This disclosure revealed sensitive secrets, a vulnerable webhook parameter, and ultimately credentials for a backup system. Abuse of misconfigured backup tooling and sudo privileges allowed extraction of private SSH keys, enabling lateral movement across multiple user accounts and retrieval of the user flag.

    Privilege escalation to root involved reverse-engineering a custom SUID binary. Analysis exposed a predictable pseudorandom password generator caused by unsafe seeding logic and an integer overflow, significantly reducing entropy. Recreating the binary locally and brute-forcing the constrained seed space yielded valid credentials, granting SSH access to a privileged user with unrestricted sudo rights and full system compromise.

    This machine was a strong example of how exposed internal tooling, poor secret handling, and flawed custom binaries can combine into a complete attack chain.

    #HackTheBox #CyberSecurity #OffensiveSecurity #PenetrationTesting #RedTeam #PrivilegeEscalation #ReverseEngineering #LinuxSecurity #Infosec #CTF …

    Learn MoreHack The Box: WhiteRabbit Machine Walkthough – Insane Difficulity

    5 Jul, 2025
    Hack The Box: Cat Machine Walkthrough – Medium Diffculity
    Medium Machine , , , , , , , , , , , , , , , ,

    Hack The Box Success: Cat Machine Write-Up Published!

    I’ve just published my personal write-up for the Cat machine on Hack The Box. In this challenge, I gained the user flag by exploiting a Stored XSS vulnerability to capture the admin session cookie, followed by an SQL Injection to extract credentials and gain SSH access. For the root flag, I took advantage of a vulnerable image processing script owned by root, crafting a payload to gain a root shell and retrieve the flag. The full write-up dives into each step, the logic behind the attacks, and key takeaways.

    #CyberSecurity #HackTheBox #PenetrationTesting #EthicalHacking #CTF #WriteUp #XSS #SQLi #PrivilegeEscalation #InfoSec #CTFWriteup …

    Learn MoreHack The Box: Cat Machine Walkthrough – Medium Diffculity

    9 Nov, 2024
    Hack The Box: Blazorized Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , ,

    Introduction to Blazorized: This write-up will explore the “Blazorized” machine from Hack The Box, categorized as a Hard difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective on Blazorized machine:

    Continue ReadingHack The Box: Blazorized Machine Walkthrough – Hard Difficulty

    14 Oct, 2023
    Hack The Box: Intentions Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Intentions Machine from Hack the Box This room will be considered a Hard machine on Hack the Box What will you gain from the Intentions machine? For the user

    Continue ReadingHack The Box: Intentions Machine Walkthrough – Hard Difficulty

    26 Aug, 2023
    HackTheBox: OnlyforYou Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the OnlyforYou Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the OnlyforYou machine? For the user

    Continue ReadingHackTheBox: OnlyforYou Machine Walkthrough – Medium Difficulty

    15 Jul, 2023
    Hack The Box: Socket Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Socket Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the Socket machine? For the user

    Continue ReadingHack The Box: Socket Machine Walkthrough – Medium Difficulty

    29 Apr, 2023
    Hack The Box: Metatwo Machine Walkthrough – Easy Difficulty
    Easy Machine , , , , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Metatwo Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the Metatwo machine? For the user

    Continue ReadingHack The Box: Metatwo Machine Walkthrough – Easy Difficulty

    10 Sep, 2022
    Hack the box: Vessel Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Vessel Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the Vessel machine? For the user flag,

    Continue ReadingHack the box: Vessel Machine Walkthrough – Hard Difficulty