Completed Hack The Box machine “Interpreter” after exploiting CVE-2023-43208 in NextGen Healthcare Mirth Connect 4.4.0. Initial access involved API enumeration, unsafe Java deserialization exploitation, reverse shell execution, and database credential extraction from Mirth Connect configuration files. Cracking the recovered PBKDF2-HMAC-SHA256 hash provided SSH access as sedric and access to the user flag.

Privilege escalation involved enumerating a root-owned Flask notification service vulnerable to Server-Side Template Injection (SSTI). By forwarding the internal service over SSH and crafting a malicious XML payload, remote command execution as root was achieved, leading to retrieval of the root flag.

#HackTheBox #HTB #CyberSecurity #RedTeam #EthicalHacking #PenetrationTesting #OffensiveSecurity #WebSecurity #PrivilegeEscalation #SSTI #Deserialization #Linux #InfoSec #CVE202343208 …

Learn MoreHack The Box:Interpreter Machine Walkthrough – Medium Difficulty

Wrapped up another solid box with a clean chain from web exploitation to full host compromise.

Gained initial access through an IDOR vulnerability on the /user endpoint, which exposed an admin hash that cracked to wonderful1. This provided access to the Cacti dashboard as marcus. From there, exploiting CVE-2025-24367 led to a reverse shell inside a Docker container as www-data, where the user flag was retrieved.

Privilege escalation came from spotting an exposed Docker API. By deploying a privileged container and mounting the host filesystem, it was possible to break out of the container and access the Windows host, ultimately retrieving the root flag.

Nice reminder of how small web flaws can cascade into full infrastructure compromise when combined with misconfigurations like exposed Docker daemons.

#cybersecurity #penetrationtesting #redteam #docker #privilegeescalation #websecurity #ethicalhacking #infosec …

Learn MoreHack The Box: MonitorsFour Machine Walkthrough – Easy Diffucilty

Completed the Pterodactyl machine on Hack The Box, focusing on end-to-end exploitation.

The attack started with a path traversal vulnerability (CVE-2025-49132) in the Pterodactyl Panel, leading to unauthenticated RCE. This access allowed database extraction, credential recovery, and SSH access as a low-privileged user.

Privilege escalation was achieved through PAM environment variable poisoning (CVE-2025-6018), followed by a more stable root shell using a libblockdev/udisks race condition (CVE-2025-6019).

A solid exercise in chaining web exploitation with local privilege escalation techniques.

#HackTheBox #CyberSecurity #EthicalHacking #PenetrationTesting #RedTeam #CTF #Linux #PrivilegeEscalation #WebSecurity …

Learn MoreHack The Box: Pterodactyl Machine Walkthrough – Medium Difficulity

Just completed “Overwatch” — Medium difficulty machine on Hack The Box! ✅

This Windows AD environment provided an excellent learning experience combining reconnaissance, service enumeration, and creative privilege escalation techniques.

After gaining initial access via a low-privileged service account and securing a stable WinRM shell, post-exploitation enumeration quickly led to the first flag on the user’s desktop.

For privilege escalation, I focused on an internally exposed service that contained a dangerous command injection vulnerability. By exploiting this flaw, I was able to create a new administrator account, elevate my privileges, and eventually compromise the Administrator user — granting full system control and allowing retrieval of the final flag.

Really enjoyed the logical flow and the clever abuse of internal services in this box!

#HackTheBox #HTB #PenetrationTesting #CyberSecurity #EthicalHacking #ActiveDirectory #PrivilegeEscalation #RedTeam #Infosec …

Learn MoreHack The Box: Overwatch Machine Walkthrough- Medium Difficulity

Recently, I completed the “Sorcery” machine on Hack The Box (Insane difficulty), which provided a deep, multi-layered challenge combining modern web exploitation, internal pivoting, and complex privilege escalation.

The attack began with reconnaissance of a self-hosted Gitea instance, where exposed source code revealed the application architecture. This led to identifying a Cypher injection vulnerability in functionality backed by Neo4j, which enabled SSRF to leak sensitive data such as password hashes and a registration key. After gaining seller access, a stored XSS payload was used to hijack an admin session and access a restricted debug feature. This interface allowed interaction with internal services, ultimately achieving remote code execution via a Kafka-based payload. From there, pivoting with Ligolo-ng exposed internal services, including an FTP server containing an encrypted private key, which was cracked offline to gain SSH access and retrieve the user flag.

Privilege escalation required chaining multiple subtle misconfigurations. A running Xvfb instance exposed a screen dump containing credentials for a higher-privileged user. With limited sudo access, strace was used to capture plaintext credentials from running processes. Further enumeration revealed activity tied to FreeIPA, where identity management controls were abused to gain full sudo privileges. After applying the changes, this ultimately led to root access and full system compromise.

#HackTheBox #CyberSecurity #PenetrationTesting #RedTeam #EthicalHacking #CTF #Infosec #PrivilegeEscalation #WebSecurity …

Learn MoreHack The Box: Sorcery Machine Walkthrough – Insane Difficulty

Recently, I completed the “Airtouch” machine on Hack The Box (Medium difficulty), which provided a great hands-on experience in combining system exploitation with wireless attack techniques.

The challenge started with basic reconnaissance and service enumeration, leading to initial access via SSH as a low-privileged user. From there, misconfigured sudo permissions allowed quick privilege escalation on the host. What made this machine particularly interesting was its setup as a wireless attack platform, requiring interaction with a simulated corporate Wi-Fi environment.

By cracking a WPA2-PSK handshake and connecting to the internal network, I was able to pivot further, access an internal access point, and exploit an unrestricted file upload vulnerability to gain remote shell access. Additional enumeration revealed credentials that enabled lateral movement to a management server, ultimately leading to full root compromise.

Overall, this machine was a great reminder of how misconfigurations, weak credentials, and insecure file handling can chain together into a full system compromise—especially in complex environments involving internal networks and wireless infrastructure.

#HackTheBox #CyberSecurity #PenetrationTesting #RedTeam #EthicalHacking #CTF #Infosec #PrivilegeEscalation #NetworkSecurity …

Learn MoreHack The Box: Airtouch Mahcine Walkthrough – Medium Diffiiculty

Just completed the Eighteen machine on Hack The Box — a great example of chaining multiple techniques from initial access to full domain compromise.

Gained initial foothold by cracking WinRM credentials (adam.scott / iloveyou1) and accessing the system via Evil-WinRM. From there, escalated privileges by abusing Delegated Managed Service Accounts (DMSA) using BadSuccessor, allowing impersonation of the Administrator.

Set up a Ligolo-ng tunnel to reach the domain controller, leveraged Kerberos ticket abuse with Impacket, and successfully dumped NTDS secrets. This led to extracting the Administrator NTLM hash and achieving full system compromise via Pass-the-Hash.

A solid walkthrough covering credential abuse, AD misconfigurations, Kerberos attacks, and pivoting techniques.

#HackTheBox #CyberSecurity #RedTeam #PenetrationTesting #ActiveDirectory #Kerberos #PrivilegeEscalation #EthicalHacking #Infosec #OffensiveSecurity …

Learn MoreHack The Box: Eighteen Machine Walkthrough – Easy Difficulity

Just completed the DarkZero machine from HackTheBox (Hard difficulty)!

After gaining a foothold on DC02 via a misconfigured MSSQL linked server and escalating to local Administrator using SigmaPotato token impersonation + RunasCs, we successfully captured the user flag from the Administrator’s desktop.

Dumped the domain Administrator NT hash with secretsdump, then used Evil-WinRM to get a full shell as Administrator on DC02 and retrieved the root flag.

#HackTheBox #HTB #Pentesting #ActiveDirectory #RedTeam #CyberSecurity #PrivilegeEscalation …

Learn MoreHack The Box: Darkzero Machine – Hard Difficulity

Completed the Browsed machine on Hack The Box 🚀

Gained initial access by uploading a malicious Chrome extension with a reverse shell payload. Automated testing executed it, giving a foothold as larry and access to user flag.

Escalated privileges by abusing a misconfigured sudo rule on extension_tool.py. A world-writable pycache directory allowed bytecode poisoning, leading to root access and full compromise.

Great box for practicing client-side attacks, extension abuse, and privilege escalation via Python internals.

#HackTheBox #CyberSecurity #EthicalHacking #PenetrationTesting #RedTeam #PrivilegeEscalation #WebSecurity #CTF …

Learn MoreHack The Box: Browsed Machine Walkthrough – Medium Diffucility

Successfully completed the Conversor machine on Hack The Box, focusing on web exploitation and privilege escalation techniques.

For the user flag, initial access was gained by exploiting an insecure XSLT file upload feature. By leveraging EXSLT, I was able to write and execute a malicious script on the server, resulting in a reverse shell as a low-privileged user. Further enumeration uncovered a SQLite database containing hashed credentials, which were cracked to obtain valid SSH access and retrieve the user flag.

For the root flag, privilege escalation was achieved through a misconfigured sudo permission allowing execution of needrestart. This was abused to run a crafted script that modified system binaries, ultimately granting root-level access via a SUID bash shell and completing the machine.

#HackTheBox #CyberSecurity #EthicalHacking #PenetrationTesting #WebSecurity #PrivilegeEscalation #RedTeam #InfoSec #CaptureTheFlag #CTF …

Learn MoreHack The Box: Conversor Machine Walkhtrough – Easy Difficulity