Behind the code: How developers work in 2025

How are developers working in 2025? Docker surveyed over 4,500 people to find out, and the answers are a mix of progress and ongoing pain points. AI is gaining ground but still unevenly used. Security is now baked into everyday workflows. Most devs hav…

July 11, 2025

Crypto mining campaign targets Docker environments with new evasion technique

New malware campaign targets Docker environments using unknown methods to secretly mine cryptocurrency, researchers warn. Researchers from Darktrace and Cado Security have spotted a malware campaign that targets Docker environments with a novel technique to mine cryptocurrency. The malware campaign targets Docker environments to deploy a malicious node connected to Teneo, a decentralized infrastructure network. […]

April 23, 2025

Hack The Box: Ghost Machine Walkthrough – Insane Difficulty

The initial foothold was gained by exploiting command injection on intranet.ghost.htb:8008/api-dev/scan/, which provided a reverse shell inside a Docker container. From there, I enumerated the environment and discovered credentials that allowed SSH access as Florence Ramirez. By extracting and converting a Kerberos ticket, I authenticated as a legitimate user, escalating access within the system. With access to the Windows environment, I retrieved NTLM hashes for the adfs_gmsa account and leveraged evil-winrm for lateral movement. A reverse shell was established using JokerShell, and privileges were escalated by enabling xp_cmdshell through a debug interface. After uploading EfsPotato.cs and disabling antivirus, I used Mimikatz and Rubeus.exe to dump credentials, ultimately achieving SYSTEM access. This led to the extraction of domain admin credentials and the retrieval of the root flag. Another Insane box down! 💀💻

#HackTheBox #RedTeam #CyberSecurity #PenTesting #PrivilegeEscalation #EthicalHacking

The post Hack The Box: Ghost Machine Walkthrough – Insane Difficulty appeared first on Threatninja.net.

April 5, 2025

HackTheBox:MagicGardens Machine Walkthrough-Insane Difficulty

Introduction to MagicGardens: This write-up will explore the “MagicGardens” machine from Hack The Box, which is categorized as an insanely difficult challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective on MagicGardens machine: The goal of this walkthrough is to complete the “MagicGardens” machine from Hack […]

The post HackTheBox:MagicGardens Machine Walkthrough-Insane Difficulty appeared first on Threatninja.net.

February 8, 2025

Hack The Box: Strutted Machine Walkthrough – Medium Difficulty

Introduction to Strutted: This write-up will explore the “Strutted” machine from Hack The Box, categorized as a medium-difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective: The goal of this walkthrough is to complete the “Strutted” machine from Hack The Box by achieving the following […]

The post Hack The Box: Strutted Machine Walkthrough – Medium Difficulty appeared first on Threatninja.net.

January 28, 2025

Hack The Box: Sightless Machine Walkthrough – Easy Difficulty

Introduction to Sightless: In this write-up, we will explore the “Sightless” machine from Hack the Box, categorized as an easy difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective: The goal of this walkthrough is to complete the “Sightless” machine from Hack The Box by […]

The post Hack The Box: Sightless Machine Walkthrough – Easy Difficulty appeared first on Threatninja.net.

January 11, 2025

Hack The Box: Corporate Machine Walkthrough – Insane Difficulty

In this post, I would like to share a walkthrough of the Corporate Machine from Hack the Box. This room will be considered an Insane machine on Hack the Box. What will you gain from the Corporate machine? For the user flag, you need to abuse a complex XSS attack that involves two HTML injections and a dynamic JavaScript injection […]

The post Hack The Box: Corporate Machine Walkthrough – Insane Difficulty appeared first on Threatninja.net.

July 13, 2024