More results...
Completed the Browsed machine on Hack The Box ๐
Gained initial access by uploading a malicious Chrome extension with a reverse shell payload. Automated testing executed it, giving a foothold as larry and access to user flag.
Escalated privileges by abu…
Most enterprise software development teams now ship AI-powered applications faster than traditional penetration testing can keep up with. A security team with 500 applications may test each one once a year, or less. In the time between tests, the under…
Penetration testers running Kali Linux have a new release to work with. Version 2026.1 delivers the annual theme refresh, a new BackTrack-inspired mode in kali-undercover, eight tools added to the network repositories, a kernel bump to 6.18, and severa…
Successfully completed the Conversor machine on Hack The Box, focusing on web exploitation and privilege escalation techniques.
For the user flag, initial access was gained by exploiting an insecure XSLT file upload feature. By leveraging EXSLT, I was able to write and execute a malicious script on the server, resulting in a reverse shell as a low-privileged user. Further enumeration uncovered a SQLite database containing hashed credentials, which were cracked to obtain valid SSH access and retrieve the user flag.
For the root flag, privilege escalation was achieved through a misconfigured sudo permission allowing execution of needrestart. This was abused to run a crafted script that modified system binaries, ultimately granting root-level access via a SUID bash shell and completing the machine.
#HackTheBox #CyberSecurity #EthicalHacking #PenetrationTesting #WebSecurity #PrivilegeEscalation #RedTeam #InfoSec #CaptureTheFlag #CTF
The post Hack The Box: Conversor Machine Walkhtrough โ Easy Difficulity appeared first on Threatninja.net.
Completed the Gavel (Medium) machine on Hack The Box. The initial foothold came from an exposed .git directory that leaked the applicationโs source code and bcrypt password hashes. After cracking the credentials with John the Ripper, I gained access and achieved a reverse shell through command injection in the admin rule field. Reusing the cracked credentials allowed privilege escalation to the application user and retrieval of the user flag.
Root access was obtained by abusing the gavel-util submission feature, which executed YAML rule fields using PHP system(). By overwriting the custom php.ini to remove restrictions and creating a SUID Bash binary, it was possible to spawn a root shell and capture the final flag.
#HackTheBox #HTB #CyberSecurity #EthicalHacking #PenetrationTesting #RedTeam #LinuxSecurity #WebSecurity #PrivilegeEscalation #CTF
The post Hack The Box: Gavel Machine Walkthrough โ Medium Difficulity appeared first on Threatninja.net.
Penetration testing engagements are organized as scheduled contracts with defined scope, set testing windows, and direct communication channels with client teams. Cobaltโs 2026 Pentester Profile Report describes growing preference for penetration testi…
A cybersecurity competition produced what may be the largest controlled dataset comparing AI-augmented teams to human-only teams on professional-grade offensive security tasks. The event, called NeuroGrid, ran for 72 hours on the Hack The Box platform …
BlacksmithAI is an open-source penetration testing framework that uses multiple AI agents to execute different stages of a security assessment lifecycle. A multi-agent structure for offensive workflows BlacksmithAI runs as a hierarchical system in whic…
๐ User Flag โ Compromising the Application Layer
Successfully rooted the Guardian (Hard) machine on Hack The Box by chaining multiple real-world web vulnerabilities.Initial access was achieved through credential abuse and IDOR within the student portal. Leaked chat credentials exposed internal Gitea repositories containing hardcoded database secrets. A vulnerable XLSX file upload feature allowed formula injection โ XSS โ session hijacking. Leveraging CSRF, I created a rogue admin account and escalated privileges within the application. From there, an LFI vulnerability combined with a PHP filter chain led to Remote Code Execution. After gaining a shell as www-data, I reused leaked credentials to pivot laterally to user jamil, capturing the user flag.
๐ Root Flag โ From Code Injection to Full System Compromise
Privilege escalation started with sudo -l, revealing that jamil could execute a Python utility as user mark without a password. Since one of the Python files was writable, I injected code to spawn a shell as mark. Further enumeration uncovered a custom binary (safeapache2ctl) executable as root. A flawed validation mechanism in its Apache config parsing allowed path traversal and arbitrary file inclusion. By crafting a malicious shared object (evil.so) and abusing the wrapperโs improper include validation, I achieved root-level code execution and obtained a root shell.
The post Hack The Box: Guardian Machine Walkthrough โ Hard Difficulty appeared first on Threatninja.net.
Offensive security operations are evolving with a new method for running Kali Linux. By combining Kali with Anthropicโs Claude AI via the Model Context Protocol (MCP), security analysts can now execute penetration testing tools using simple natural lan…