sqlite3 Archives - Threatninja.net

21 Mar, 2026

Hack The Box: Conversor Machine Walkhtrough – Easy Difficulity

Medium Machine Challenges, HackTheBox, john the ripper, Linux, needrestart, Penetration Testing, python3, source code review, sqlite3, xml, xslt

Successfully completed the Conversor machine on Hack The Box, focusing on web exploitation and privilege escalation techniques.

For the user flag, initial access was gained by exploiting an insecure XSLT file upload feature. By leveraging EXSLT, I was able to write and execute a malicious script on the server, resulting in a reverse shell as a low-privileged user. Further enumeration uncovered a SQLite database containing hashed credentials, which were cracked to obtain valid SSH access and retrieve the user flag.

For the root flag, privilege escalation was achieved through a misconfigured sudo permission allowing execution of needrestart. This was abused to run a crafted script that modified system binaries, ultimately granting root-level access via a SUID bash shell and completing the machine.

#HackTheBox #CyberSecurity #EthicalHacking #PenetrationTesting #WebSecurity #PrivilegeEscalation #RedTeam #InfoSec #CaptureTheFlag #CTF …

Learn MoreHack The Box: Conversor Machine Walkhtrough – Easy Difficulity

31 Jan, 2026

Hack The Box: CodePartTwo Machine Walkthrough – Easy Diffculty

Easy Machine Challenges, CVE-2024-28397, HackTheBox, js2py, Linux, npbackup-cli, python3, Sandbox bypass, sqlite3, ssh, ssti

Just finished CodePartTwo on Hack The Box — a fun Easy-rated Linux box that taught me a lot!

Initial access came via a js2py sandbox escape in their online JavaScript code editor (CVE-2024-28397 style prototype chain abuse) → reverse shell as ‘app’.
Post-exploitation: found users.db in /app/instance → quick Python HTTP server exfil → local sqlite3 dump → two MD5 hashes. CrackStation instantly revealed marco’s password (sweetangelbabylove).
Lateral move: SSH as marco → user.txt claimed.

Privesc: sudo -l gave NOPASSWD /usr/local/bin/npbackup-cli. After inspecting npbackup.conf (stdin_from_command hint), I used –external-backend-binary to point to my malicious reverse shell script → root shell → root.txt captured.

Loved how it combined modern sandbox escape with classic sudo misconfig abuse. Solid box for anyone practicing foothold → lateral → root paths.

#HackTheBox #CTF #PenetrationTesting #Cybersecurity #PrivilegeEscalation #SandboxEscape #LinuxPrivilegeEscalation #RedTeamOps #BugBountyHunter #EthicalHacking …

Learn MoreHack The Box: CodePartTwo Machine Walkthrough – Easy Diffculty

25 Oct, 2025

Hack The Box: Artificial Machine Walkthrough – Easy Diffucilty

Easy Machine backrest, BurpSuite, Challenges, docker, h5, HackTheBox, hashcat, Linux, netcat-openbsd, restic, sqlite3

Hacking the “Artificial” Machine on Hack The Box!

Conquered the “Artificial” machine on Hack The Box! 🕵️‍♂️ I scanned the target, identified a web server on port 80, and created an account to access its dashboard, where I uploaded a malicious .h5 file to trigger a reverse shell. Using a Docker environment, I gained a shell as the app user, found a SQLite database (users.db), and cracked its password hashes to reveal credentials for user “gael,” allowing me to grab the user flag via SSH from user.txt. For root, I discovered port 9898 running Backrest, forwarded it, and enumerated backup files, finding a bcrypt-hashed password in config.json. Decoding a base64 value yielded a plaintext password, granting access to the Backrest dashboard, where I exploited the RESTIC_PASSWORD_COMMAND to trigger a root shell and secure the root flag from root.txt.

#Cybersecurity #HackTheBox #CTF #PenetrationTesting #PrivilegeEscalation …

Learn MoreHack The Box: Artificial Machine Walkthrough – Easy Diffucilty

23 Aug, 2025

Hack The Box: TheFrizz Machine Walkthrough – Medium Difficulity

Medium Machine BloodHoundCE, BurpSuite, Challenges, CVE-2023-34598, faketime, Gibbon, HackTheBox, hashcat, impacket, Local Fle Inclusion, Penetration Testing, python3, SharpGPOAbuse, sqlite3, ssh, Windows

I successfully captured both user and root flags by exploiting a file upload vulnerability to gain a web shell, extracting database credentials from config.php, and cracking the user hash to reveal the password Jenni_Luvs_Magic23. Using these credentials, I accessed the web application, discovered an SSH migration hint, and leveraged a Kerberos ticket (f.frizzle.ccache) to gain SSH access and retrieve the user flag with type user.txt. For the root flag, I escalated privileges using M.SchoolBus and SharpGPOAbuse to manipulate SleepGPO, applied changes with gpupdate.exe /force, extracted credentials with secretdump, and used wmiexec to secure a root-level shell, ultimately reading the root flag with type root.txt.

#Cybersecurity #CTF #EthicalHacking #PenetrationTesting …

Learn MoreHack The Box: TheFrizz Machine Walkthrough – Medium Difficulity

16 Aug, 2025

Hack The Box: Nocturnal Machine Walkthrough – Easy Difficulty

Easy Machine BurpSuite, Challenges, CVE-2023-46818, HackTheBox, hashcat, ispconfig, Linux, port forwarding, python3, sqlite3, ssh, xmllint

Captured the user flag by exploiting a file upload feature, unpacking .odt files to reveal a hidden password with xmllint, and injecting a reverse shell via the backup feature to get a www-data shell. Retrieved hashes from the nocturnal_database, cracked Tobias’s password (slowmotionapocalypse), and obtained the user flag. For the root flag, enumerated open ports, found port 8080 running ISPConfig, accessed it with admin credentials, identified the version, executed a public exploit, and gained root shell to capture the root flag.

#HTB #HackTheBox #CyberSecurity #RedTeam #CTF #PenTesting #Nocturnal #LinuxExploitation #WebExploitation #PrivilegeEscalation …

Learn MoreHack The Box: Nocturnal Machine Walkthrough – Easy Difficulty

5 Jul, 2025

Hack The Box: Cat Machine Walkthrough – Medium Diffculity

Medium Machine BurpSuite, Challenges, command injection, Cross Site Scripting, git-dumper, Gitea, gobuster, HackTheBox, hashcat, Linux, Penetration Testing, port forwarding, source code review, SQL, SQL Injection, sqlite3, ssh

Hack The Box Success: Cat Machine Write-Up Published!

I’ve just published my personal write-up for the Cat machine on Hack The Box. In this challenge, I gained the user flag by exploiting a Stored XSS vulnerability to capture the admin session cookie, followed by an SQL Injection to extract credentials and gain SSH access. For the root flag, I took advantage of a vulnerable image processing script owned by root, crafting a payload to gain a root shell and retrieve the flag. The full write-up dives into each step, the logic behind the attacks, and key takeaways.

#CyberSecurity #HackTheBox #PenetrationTesting #EthicalHacking #CTF #WriteUp #XSS #SQLi #PrivilegeEscalation #InfoSec #CTFWriteup …

Learn MoreHack The Box: Cat Machine Walkthrough – Medium Diffculity

14 Jun, 2025

Hack The Box: Inflitrator Machine Walkthrough – Insane Difficulity

Insane Machine bitlocker, Bloodhound, BloodHoundCE, bloodyAD, BurpSuite, Certipy, Challenges, evil-winrm, HackTheBox, hashcat, impacket, john the ripper, kerbrute, Output Messenger, Penetration Testing, RDP, sqlite3, Windows, Wireshark

Successfully completed a two-stage Active Directory exploitation scenario involving both user access and privilege escalation. The first stage focused on identifying accounts that did not require Kerberos pre-authentication (AS-REP Roasting), allowing extraction and cracking of a user password hash to gain remote access and retrieve the user flag. In the second stage, a misconfigured certificate template (ESC4 vulnerability) within Active Directory Certificate Services was exploited to request a certificate impersonating a privileged user. This enabled full administrative access and retrieval of the root flag.

#CyberSecurity #ActiveDirectory #RedTeam #Kerberos #PrivilegeEscalation #ASREP #ADCS #ESC4 #PenetrationTesting #Infosec #HackTheBox #WindowsSecurity #CTF
Successfully completed a two-stage Active Directory exploitation scenario involving both user access and privilege escalation. The first stage focused on identifying accounts that did not require Kerberos pre-authentication (AS-REP Roasting), allowing extraction and cracking of a user password hash to gain remote access and retrieve the user flag. In the second stage, a misconfigured certificate template (ESC4 vulnerability) within Active Directory Certificate Services was exploited to request a certificate impersonating a privileged user. This enabled full administrative access and retrieval of the root flag.

#CyberSecurity #ActiveDirectory #RedTeam #Kerberos #PrivilegeEscalation #ASREP #ADCS #ESC4 #PenetrationTesting #Infosec #HackTheBox #WindowsSecurity #CTF
…

Learn MoreHack The Box: Inflitrator Machine Walkthrough – Insane Difficulity

17 May, 2025

Hack The Box: Heal Machine Walkthrough – Medium Difficulty

Medium Machine BurpSuite, Challenges, consul, HackTheBox, hashcat, jwt, LimeSurvey, Linux, Path Traversal, Penetration Testing, port forwarding, rails, ruby, sqlite3, ssh

Writeup Summary: Heal (Hack The Box)

This box involved thorough enumeration that uncovered multiple subdomains, including a Ruby on Rails API. Initial access was gained by chaining a Local File Inclusion vulnerability with password cracking and exploiting a LimeSurvey plugin upload vulnerability. Privilege escalation was achieved by identifying and exploiting an exposed Consul service accessible through SSH port forwarding.

This challenge showcased key red teaming skills: web application exploitation, misconfiguration abuse, credential harvesting, and lateral movement.

#HackTheBox #CyberSecurity #RedTeam #PrivilegeEscalation #BugBounty #WebSecurity #Infosec #CTF #HTB #OffensiveSecurity #LinuxExploitation …

Learn MoreHack The Box: Heal Machine Walkthrough – Medium Difficulty

8 Mar, 2025

Hack The Box: Chemistry Machine Walkthrough – Easy Difficulty

Easy Machine BurpSuite, Challenges, CIF, Crystallographic Information File (CIF), CVE-2024-23346, HackTheBox, Linux, Penetration Testing, sqlite3

A vulnerability in **Pymatgen (CVE-2024-23346)** allowed for **Remote Code Execution (RCE)** through a **malicious CIF file**. By injecting code into the **_space_group_magn.transform_BNS_Pp_abc** field and uploading it to the dashboard, nothing happened initially. However, clicking the **View button** triggered execution, leading to a **reverse shell**. With remote access secured, an **SQLite3 database** was explored, revealing **password hashes**, which were cracked to obtain valid credentials and retrieve the **user flag**.

Further exploration uncovered an **aiohttp/3.9.1** service running on **port 8080**, restricting access to the **assets directory** with a **403 Forbidden** response. Leveraging an **LFI attack**, an **SSH key** was extracted, allowing for **privilege escalation** and access to the **root flag**.

This scenario highlights the importance of **sanitizing file uploads, restricting directory access, and keeping dependencies updated** to mitigate security risks.

#CyberSecurity #BugBounty #EthicalHacking #PrivilegeEscalation #RedTeam #WebSecurity #InfoSec #CTF …

Learn MoreHack The Box: Chemistry Machine Walkthrough – Easy Difficulty

14 Dec, 2024

Hack The Box: Compiled Machine Walkthrough – Medium Difficulty

Medium Machine Challenges, CVE-2024-20656, CVE-2024-32002, evil-winrm, git, Gitea, HackTheBox, hashcat, Penetration Testing, python3, sqlite3, ssh, Visual Studio Code, Windows

Threatninja.net

Threatninja.net

Tag Archives: sqlite3