• Search for:

    Tag Archives: ssti

    1. Home  - 
    2. Posts tagged "ssti"
    31 Jan, 2026
    Hack The Box: CodePartTwo Machine Walkthrough – Easy Diffculty
    Easy Machine , , , , , , , , , ,

    Just finished CodePartTwo on Hack The Box — a fun Easy-rated Linux box that taught me a lot!

    Initial access came via a js2py sandbox escape in their online JavaScript code editor (CVE-2024-28397 style prototype chain abuse) → reverse shell as ‘app’.
    Post-exploitation: found users.db in /app/instance → quick Python HTTP server exfil → local sqlite3 dump → two MD5 hashes. CrackStation instantly revealed marco’s password (sweetangelbabylove).
    Lateral move: SSH as marco → user.txt claimed.

    Privesc: sudo -l gave NOPASSWD /usr/local/bin/npbackup-cli. After inspecting npbackup.conf (stdin_from_command hint), I used –external-backend-binary to point to my malicious reverse shell script → root shell → root.txt captured.

    Loved how it combined modern sandbox escape with classic sudo misconfig abuse. Solid box for anyone practicing foothold → lateral → root paths.

    #HackTheBox #CTF #PenetrationTesting #Cybersecurity #PrivilegeEscalation #SandboxEscape #LinuxPrivilegeEscalation #RedTeamOps #BugBountyHunter #EthicalHacking …

    Learn MoreHack The Box: CodePartTwo Machine Walkthrough – Easy Diffculty

    1 Feb, 2025
    Hack The Box: Trickster Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , , , , , , , , , , , ,

    Introduction to Trickster: In this write-up, we will explore the “Trickster” machine from Hack The Box, categorized as a medium-difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. The objective of

    Continue ReadingHack The Box: Trickster Machine Walkthrough – Medium Difficulty

    17 Jul, 2022
    HackTheBox: Redpanda Machine Walkthrough – Easy Difficulty
    Easy Machine , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the RedPanda Machine from Hack the Box This room will be considered an Easy machine on Hack The box What will you gain from the RedPanda machine? For the user flag,

    Continue ReadingHackTheBox: Redpanda Machine Walkthrough – Easy Difficulty

    18 Apr, 2022
    HackTheBox: Talkative Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Talkative Machine from Hack the Box This room will be considered as a Hard machine on Hack The box What will you gain from the Talkative machine? For the user flag, you

    Continue ReadingHackTheBox: Talkative Machine Walkthrough – Hard Difficulty

    13 Mar, 2022
    Hack The Box: GoodGames Machine Walkthrough – Easy Difficulty
    Easy Machine , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the GoodGames Machine from Hack the Box This room will be considered as an Easy machine on Hack The box What will you gain from the GoodGames machine? For the user flag, you

    Continue ReadingHack The Box: GoodGames Machine Walkthrough – Easy Difficulty

    3 Oct, 2021
    HackTheBox: Bolt Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Bolt Machine from HackTheBox This room has been considered difficulty rated as a medium machine on HackThebox What will you gain from the Bolt machine? For the user flag, you will execute

    Continue ReadingHackTheBox: Bolt Walkthrough – Medium Difficulty

    1 Jun, 2021
    Hackthebox: Spider Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , , , , ,

    In this post, i would like to share a walkthrough on Spider Machine. This room has been considered difficulty rated as HARD machine Information Gathering on Spider machine Once we have started the VPN connection, we can start the information gathering on the machine

    Continue ReadingHackthebox: Spider Machine Walkthrough – Hard Difficulty