penetration testing

Hack The Box: Editor Machine Walkthrugh – Easy Difficulity

User access was achieved by enumerating an XWiki instance running on port 8080, identifying its vulnerable version, and exploiting an unauthenticated RCE in the Solr component (CVE-2025-24893). The foothold exposed plaintext database credentials in the XWiki configuration file, which were reused for the system user, allowing a successful SSH login as oliver.

Root access came from a misconfigured Netdata installation. Several root-owned plugins were SUID and group-writable, and oliver belonged to the netdata group. Replacing the ndsudo plugin with a custom SUID payload allowed Netdata to execute it as root, granting full system compromise and the root flag.

#HackTheBox #CyberSecurity #PenetrationTesting #PrivilegeEscalation #EthicalHacking #RedTeam #CTF #XWiki #CVE2025 #Netdata #LinuxSecurity

The post Hack The Box: Editor Machine Walkthrugh – Easy Difficulity appeared first on Threatninja.net.

December 6, 2025
0 comment
Read More >>

Hack The Box: Era Machine Walkthrough – Medium Difficulity

Compromising the Era HTB machine involved chaining multiple weaknesses across the web layer and system layer. Initial access was obtained through an IDOR flaw in a file-sharing platform, allowing unrestricted file retrieval by enumerating numeric IDs. Leaked backups exposed source code, plaintext credentials, and an SSH private key, enabling lateral movement as eric. Further analysis uncovered a root-executed integrity-check binary in a world-writable directory. By extracting its signature, injecting it into a backdoored replacement, and waiting for the cron job to trigger, privileged execution was achieved. A resulting callback delivered full root access and allowed retrieval of the final flag.

#HTB #HackTheBox #CyberSecurity #Pentesting #WebSecurity #IDOR #PrivilegeEscalation #LinuxSecurity #RedTeam #CTF #InfoSec

The post Hack The Box: Era Machine Walkthrough – Medium Difficulity appeared first on Threatninja.net.

November 29, 2025
0 comment
Read More >>

Hack The Box: Mirage Machine Walkthrough – Hard Difficulity

Compromising the Mirage domain started with a simple clue hidden in an exposed NFS share. Inside a PDF report was a missing DNS record—just enough to pivot. By hijacking the DNS entry, I intercepted NATS JetStream traffic and captured real authentication logs, including valid credentials. After fixing the system time and obtaining a Kerberos TGT, I gained my first foothold on the domain controller and captured the user flag.

From there, the path to domain dominance unfolded through Active Directory weaknesses. An SPN ticket leak led to a cracked password, which opened the door to BloodHound reconnaissance and more credentials. I reset a disabled user’s password, extracted a service account’s managed password, and used Certipy to transform certificate abuse into full machine-level impersonation. With Resource-Based Constrained Delegation enabled, I forged Kerberos tickets, dumped every domain hash, and finally authenticated as Administrator—securing the root flag.

#CyberSecurity #PenetrationTesting #Kerberos #ActiveDirectory #RedTeam #HackTheBox #Infosec #PrivilegeEscalation

The post Hack The Box: Mirage Machine Walkthrough – Hard Difficulity appeared first on Threatninja.net.

November 22, 2025
0 comment
Read More >>

What AWS and Cloudflare Outages Teach Us About Cloud Configuration Risks

On Tuesday, 18 November, a Cloudflare outage took a significant part of the Internet offline, including major sites, enterprise platforms and public-facing services. Ironically, even Downdetector – the platform that provides real-time information about service outages – apparently went down for a time. This wasn’t an isolated incident, either: an AWS (Amazon Web Services) outage about a month ago caused similar disruption to thousands of dependent services and was followed a few days later by a smaller Microsoft Azure outage. If the largest Cloud providers can experience outages of this size, it’s no great stretch to suggest that all organisations

The post What AWS and Cloudflare Outages Teach Us About Cloud Configuration Risks appeared first on IT Governance Blog.

November 20, 2025
0 comment
Read More >>

Hack The Box: Outbound Machine Walkthrough – Easy Difficulity

Successfully completed the Outbound HTB machine. Initial access was gained by exploiting CVE‑2025‑49113 in Roundcube 1.6.10 using Tyler’s credentials, which allowed remote code execution.

Investigation of Roundcube’s configuration revealed database credentials, enabling decryption of Jacob’s session data and retrieval of his plaintext password. Using this, SSH access was obtained to capture the user flag.

Privilege escalation was achieved via CVE‑2025‑27591 by exploiting a world-writable /var/log/below directory, allowing command execution as root and retrieval of the root flag. This walkthrough highlights the importance of secure configuration, patching, and proper permission management.

#HackTheBox #CyberSecurity #PenTesting #EthicalHacking #VulnerabilityExploitation #Roundcube #PrivilegeEscalation #LinuxSecurity #CVE2025

The post Hack The Box: Outbound Machine Walkthrough – Easy Difficulity appeared first on Threatninja.net.

November 15, 2025
0 comment
Read More >>

Hack The Box: RustyKey Machine Walkthrough – Hard Difficulity

Authenticated to rustykey.htb as bb.morgan after exploiting Kerberos flows and resolving a time sync issue: obtained a TGT (bb.morgan.ccache), set KRB5CCNAME, and used evil‑winrm to capture the user flag.
Escalated to SYSTEM by abusing machine account and delegation: IT‑COMPUTER3$ was used to modify AD protections and reset ee.reed’s password, S4U2Self/S4U2Proxy impersonation produced backupadmin.ccache, and Impacket was used to deploy a service payload to achieve a SYSTEM shell and capture the root flag.

#CyberSecurity #RedTeam #Kerberos #ActiveDirectory #PrivilegeEscalation #HackTheBox #Impacket #WindowsAD

The post Hack The Box: RustyKey Machine Walkthrough – Hard Difficulity appeared first on Threatninja.net.

November 8, 2025
0 comment
Read More >>

Hack The Box: Voleur Machinen Walkthrough – Medium Difficulty

Cracked a password-protected Excel on an SMB share to recover service-account credentials, used Kerberos to access a user account and capture user.txt, then leveraged AD write permissions to restore a deleted admin, decrypt DPAPI artefacts for high‑priv creds, and access the DC to grab root.txt.

#HackTheBox #ADSecurity #Kerberos #DPAPI #RedTeam #CTF

The post Hack The Box: Voleur Machinen Walkthrough – Medium Difficulty appeared first on Threatninja.net.

November 1, 2025
0 comment
Read More >>

Proximity: Open-source MCP security scanner

Proximity is a new open-source tool that scans Model Context Protocol (MCP) servers. It identifies the prompts, tools, and resources that a server makes available, and it can evaluate how those elements might introduce security risks. The tool also wor…

October 29, 2025
0 comment
Read More >>