Hack The Box: GiveBack machine walkthrough – Medium Difficulty

Just completed the Giveback machine on Hack The Box (Medium difficulty).
Started with Nmap → WordPress + vulnerable GiveWP 3.14.0 (CVE-2024-5932 / CVE-2024-8353 PHP Object Injection) → unauthenticated RCE via donation form PoC → reverse shell as bitnami in a Bitnami Kubernetes pod.
Pivoted using mounted K8s service account token → abused the API + exploited a vulnerable legacy PHP-CGI intranet service → broke out to the host as user babywyrm → grabbed user.txt.

For root: passwordless sudo on custom /opt/debug binary → used dumped secret as admin password → crafted malicious OCI config.json → ran privileged container via runc breakout → read root.txt.
Great chain: web vuln → container escape → K8s lateral → sudo abuse.
Loved the real-world Kubernetes misconfig + runc wrapper elements.

#HackTheBox #CTF #PenetrationTesting #KubernetesSecurity #ContainerEscape #RCE #PrivilegeEscalation #Cybersecurity

The post Hack The Box: GiveBack machine walkthrough – Medium Difficulty appeared first on Threatninja.net.

February 21, 2026
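The service-account pivot in the GiveBack summary above is the step a defender most wants to be able to check for. The script below is an added example, not code from the Threatninja walkthrough: it reads the token Kubernetes projects into every pod at the standard mount path, asks the API server through a SelfSubjectRulesReview what that identity may do in its namespace, and flags the verb/resource pairs that turn a pod foothold into lateral movement. The mount path and the KUBERNETES_SERVICE_HOST/PORT variables are the ones Kubernetes sets; the DANGEROUS watch-list and the SAMPLE_REVIEW reply are my own constructions.

```python
"""Added example (not from the Threatninja post): check what the service-account
token mounted into a pod is allowed to do, and flag pivot-worthy permissions."""
import json
import os
import ssl
import urllib.request

# Standard projected service-account volume inside a pod.
SA_DIR = "/var/run/secrets/kubernetes.io/serviceaccount"

# Constructed watch-list: verb/resource pairs that usually make a token worth pivoting with.
DANGEROUS = {
    ("create", "pods"),        # schedule a privileged / hostPath pod on a node
    ("create", "pods/exec"),   # exec into other workloads
    ("get", "secrets"),        # read other tenants' credentials
    ("list", "secrets"),
    ("*", "*"),                # effectively cluster-admin
}


def load_pod_identity(sa_dir=SA_DIR):
    """Read token, CA bundle path and namespace from the projected volume."""
    with open(os.path.join(sa_dir, "token")) as f:
        token = f.read().strip()
    with open(os.path.join(sa_dir, "namespace")) as f:
        namespace = f.read().strip()
    return token, os.path.join(sa_dir, "ca.crt"), namespace


def rules_review_body(namespace):
    """SelfSubjectRulesReview asks the API server: what can *I* do in this namespace?"""
    return {
        "apiVersion": "authorization.k8s.io/v1",
        "kind": "SelfSubjectRulesReview",
        "spec": {"namespace": namespace},
    }


def query_rules(token, ca_path, namespace):
    """POST the review to the in-cluster API endpoint and return the decoded reply."""
    host = os.environ.get("KUBERNETES_SERVICE_HOST", "kubernetes.default.svc")
    port = os.environ.get("KUBERNETES_SERVICE_PORT", "443")
    url = f"https://{host}:{port}/apis/authorization.k8s.io/v1/selfsubjectrulesreviews"
    req = urllib.request.Request(
        url,
        data=json.dumps(rules_review_body(namespace)).encode(),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
        method="POST",
    )
    ctx = ssl.create_default_context(cafile=ca_path)  # trust the cluster CA only
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.load(resp)


def dangerous_rules(review):
    """Return sorted (verb, resource) pairs from status.resourceRules that hit the
    watch-list. A wildcard verb or resource in the review matches every entry."""
    found = set()
    for rule in review.get("status", {}).get("resourceRules", []):
        for v in rule.get("verbs", []):
            for r in rule.get("resources", []):
                for dv, dr in DANGEROUS:
                    if (v == dv or v == "*") and (r == dr or r == "*"):
                        found.add((v, r))
    return sorted(found)


# Constructed reply shaped like a real SelfSubjectRulesReview status.
SAMPLE_REVIEW = {
    "status": {
        "resourceRules": [
            {"verbs": ["get", "list"], "apiGroups": [""], "resources": ["pods", "secrets"]},
            {"verbs": ["create"], "apiGroups": [""], "resources": ["pods/exec"]},
            {"verbs": ["get"], "apiGroups": [""], "resources": ["configmaps"]},
        ],
        "incomplete": False,
    }
}

if __name__ == "__main__":
    token, ca, ns = load_pod_identity()
    hits = dangerous_rules(query_rules(token, ca, ns))
    print("pivot-worthy permissions:", hits or "none")
```

Run it from inside the pod. A non-empty list means the token deserves the treatment the write-up gave it; the fix on the defending side is to scope the RBAC binding down, or to set automountServiceAccountToken: false on workloads that never talk to the API at all.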

Hack The Box: Soulmate machine walkthrough – Easy Difficulty

Just completed the Soulmate machine on Hack The Box — rated Easy, but packed with a satisfying vuln chain!
Started with subdomain enumeration → discovered an exposed CrushFTP admin panel on ftp.soulmate.htb. Exploited an unauthenticated API flaw (CVE-2025-31161 style) in the /WebInterface/function/ endpoint to enumerate users and create a backdoor admin account. From there, abused broken access controls in User Manager to reset the “ben” account password. Logged in as “ben” → gained VFS access to /webProd (the main web root), uploaded a PHP webshell → got RCE as www-data with a reverse shell.
Credential reuse let me su ben and grab user.txt.

Root came via a backdoored Erlang SSH daemon on localhost:2222 (hardcoded always-true auth, running as root) → trivial escalation to root Eshell and root.txt.

Key takeaways: exposed admin panels are goldmines, weak API auth leads to quick takeovers, credential reuse is still everywhere, and custom services with backdoors can hand you root on a platter.
Loved the progression from web misconfig → file write → RCE → local privesc. Solid learning box!

#HackTheBox #HTB #CyberSecurity #PenetrationTesting #CTF #PrivilegeEscalation #RCE #BugBounty #RedTeam

The post Hack The Box: Soulmate machine walkthrough – Easy Difficulty appeared first on Threatninja.net.

February 14, 2026

Hack The Box: Signed Machine Walkthrough – Medium Difficulty

After escalating to a SYSTEM-level PowerShell reverse shell using xp_cmdshell and a base64-encoded payload that called back to my netcat listener on port 9007, I navigated to the user profile and read the user flag directly with type user.txt.

With full sysadmin rights on the SQL instance as SIGNED\Administrator (thanks to a forged silver ticket with Domain Admins membership), I enabled xp_cmdshell, launched a reverse shell to land SYSTEM access, then grabbed the root flag from

Box fully pwned — domain admin and SYSTEM in the bag!

#HackTheBox #HTBSigned #PenetrationTesting #CyberSecurity #PrivilegeEscalation #ActiveDirectory #RedTeam #CTF #EthicalHacking #OffensiveSecurity

The post Hack The Box: Signed Machine Walkthrough – Medium Difficulty appeared first on Threatninja.net.

February 7, 2026

Hack The Box: Imagery Machine Walkthrough – Medium Difficulty

Just completed the Imagery machine on Hack The Box (Medium). The challenge involved identifying weaknesses in a custom web application, analysing exposed application logic and data, and chaining these issues to move laterally within the system to gain user-level access. Further investigation highlighted how overlooked privilege boundaries and misconfigured trusted utilities can be abused to escalate privileges and obtain full administrative control.

#HackTheBox #CyberSecurity #WebSecurity #EthicalHacking #PenetrationTesting #PrivilegeEscalation #CTF #InfoSec

The post Hack The Box: Imagery Machine Walkthrough – Medium Difficulty appeared first on Threatninja.net.

January 24, 2026

AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities

Really interesting blog post from Anthropic:

In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates how barriers to the use of AI in relatively autonomous cyber workflows are rapidly coming down, and highlights the importance of security fundamentals like promptly patching known vulnerabilities.

[…]

A notable development during the testing of Claude Sonnet 4.5 is that the model can now succeed on a minority of the networks without the custom cyber toolkit needed by previous generations. In particular, Sonnet 4.5 can now exfiltrate all of the (simulated) personal information in a high-fidelity simulation of the Equifax data breach—one of the costliest cyber attacks in history—using only a Bash shell on a widely-available Kali Linux host (standard, open-source tools for penetration testing; not a custom toolkit). Sonnet 4.5 accomplishes this by instantly recognizing a publicized CVE and writing code to exploit it without needing to look it up or iterate on it. Recalling that the original Equifax breach happened by exploiting a publicized CVE that had not yet been patched, the prospect of highly competent and fast AI agents leveraging this approach underscores the pressing need for security best practices like prompt updates and patches. …

January 23, 2026

Hack The Box: Previous Machine Walkthrough – Medium Difficulty

🎯 Just rooted the ‘Previous’ machine on Hack The Box!

Started with a Next.js app exposing a path traversal bug in /api/download, leaked /etc/passwd → found user ‘jeremy’, then extracted the NextAuth provider code revealing credentials.

Abused .terraformrc dev_overrides to load a malicious custom provider binary.
Classic NextAuth misconfig + Terraform provider override chain. Loved the creativity!

#HackTheBox #CTF #PrivilegeEscalation #PathTraversal #NextJS #Terraform #CyberSecurity #PenetrationTesting #BugBounty

The post Hack The Box: Previous Machine Walkthrough – Medium Difficulty appeared first on Threatninja.net.

January 10, 2026
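The .terraformrc dev_overrides trick in the Previous summary works because Terraform loads an overridden provider straight out of a local directory, skipping the registry download and the dependency-lock checksum verification that normally apply, so whoever can write to that directory decides what terraform executes. The audit below is an added example, not part of the Threatninja write-up: it pulls every dev_overrides entry out of a CLI config and reports which override directories other local users could write to. The sample config, its paths and the risk labels are constructed for illustration.

```python
"""Added example (not from the Threatninja post): audit a Terraform CLI config
(~/.terraformrc) for dev_overrides entries and the directories they point at."""
import os
import re
import stat

# Constructed sample config in the real provider_installation / dev_overrides syntax.
SAMPLE_TERRAFORMRC = """
provider_installation {
  dev_overrides {
    "hashicorp/local" = "/home/dev/go/bin"
    "registry.terraform.io/hashicorp/null" = "/tmp/providers"
  }
  direct {}
}
"""

# dev_overrides contains only quoted key = "path" lines, so a non-greedy match
# up to the first closing brace is enough to isolate the block.
_DEV_BLOCK = re.compile(r"dev_overrides\s*\{(.*?)\}", re.S)
_ENTRY = re.compile(r'"([^"]+)"\s*=\s*"([^"]+)"')


def parse_dev_overrides(text):
    """Return {provider_source: override_dir} for every dev_overrides entry."""
    m = _DEV_BLOCK.search(text)
    if not m:
        return {}
    return dict(_ENTRY.findall(m.group(1)))


def writable_by_others(path):
    """True if the directory exists and group or world can write to it, i.e. any
    local user can drop a provider binary that terraform will run as the caller."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return False
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def audit(text, writable=writable_by_others):
    """Every override is a finding (verification is bypassed); a directory that
    others can write to is the HIGH case. `writable` is injectable for testing."""
    findings = []
    for source, path in parse_dev_overrides(text).items():
        risk = "HIGH" if writable(path) else "LOW"
        findings.append((source, path, risk))
    return findings


if __name__ == "__main__":
    rc = os.path.expanduser("~/.terraformrc")
    text = open(rc).read() if os.path.exists(rc) else SAMPLE_TERRAFORMRC
    for source, path, risk in audit(text):
        print(f"{risk:4} {source} -> {path}")
```

Run it on the real ~/.terraformrc as the user who invokes terraform (the TF_CLI_CONFIG_FILE variable can point elsewhere, so check that too). Even a LOW finding is worth questioning on a production host: dev_overrides exists for provider development, and a shared account that carries one permanently is exactly the condition the write-up abused.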