penetration testing – Page 3 – MCYSEKA-Maritime Cyber Security Knowledge Archive

Hack The Box: Titanic Machine Walkthrough – Easy Difficulty

Just wrapped up a detailed walkthrough of the Hack The Box Titanic machine — an easy-rated challenge packed with valuable learning opportunities!

The journey started with exploiting a directory traversal vulnerability to access sensitive Gitea configuration files and extract user credentials. From there, I gained SSH access as the developer user and retrieved the user flag.

Privilege escalation was achieved by exploiting a critical ImageMagick vulnerability (CVE-2024-41817) in a writable directory, allowing arbitrary code execution via a crafted shared library. I also discovered the developer user had unrestricted sudo privileges, providing a straightforward path to root.

#HackTheBox #CyberSecurity #Pentesting #CTF #PrivilegeEscalation #LinuxSecurity #ImageMagick #CVE202441817 #EthicalHacking #DirectoryTraversal

The post Hack The Box: Titanic Machine Walkthrough – Easy Difficulty appeared first on Threatninja.net.

June 21, 2025

0 comment

Review: Learning Kali Linux, 2nd Edition

Kali Linux has long been the go-to operating system for penetration testers and security professionals, and Learning Kali Linux, 2nd Edition by Ric Messier aims to guide readers through its core tools and use cases. This updated edition introduces new …

June 16, 2025

0 comment

Hack The Box: Inflitrator Machine Walkthrough – Insane Difficulity

Successfully completed a two-stage Active Directory exploitation scenario involving both user access and privilege escalation. The first stage focused on identifying accounts that did not require Kerberos pre-authentication (AS-REP Roasting), allowing extraction and cracking of a user password hash to gain remote access and retrieve the user flag. In the second stage, a misconfigured certificate template (ESC4 vulnerability) within Active Directory Certificate Services was exploited to request a certificate impersonating a privileged user. This enabled full administrative access and retrieval of the root flag.

#CyberSecurity #ActiveDirectory #RedTeam #Kerberos #PrivilegeEscalation #ASREP #ADCS #ESC4 #PenetrationTesting #Infosec #HackTheBox #WindowsSecurity #CTF
Successfully completed a two-stage Active Directory exploitation scenario involving both user access and privilege escalation. The first stage focused on identifying accounts that did not require Kerberos pre-authentication (AS-REP Roasting), allowing extraction and cracking of a user password hash to gain remote access and retrieve the user flag. In the second stage, a misconfigured certificate template (ESC4 vulnerability) within Active Directory Certificate Services was exploited to request a certificate impersonating a privileged user. This enabled full administrative access and retrieval of the root flag.

#CyberSecurity #ActiveDirectory #RedTeam #Kerberos #PrivilegeEscalation #ASREP #ADCS #ESC4 #PenetrationTesting #Infosec #HackTheBox #WindowsSecurity #CTF

The post Hack The Box: Inflitrator Machine Walkthrough – Insane Difficulity appeared first on Threatninja.net.

June 14, 2025

0 comment

Kali Linux 2025.2 delivers Bloodhound CE, CARsenal, 13 new tools

OffSec has released Kali Linux 2025.2, the most up-to-date version of the widely used penetration testing and digital forensics platform. KDE Plasma 6.3 in Kali Linux 2025.2 (Source: OffSec) New in Kali Linux 2025.2 As per usual, the newest Kali versio…

June 14, 2025

0 comment

Researchers warn of ongoing Entra ID account takeover campaign

Attackers are using the TeamFiltration pentesting framework to brute-force their way into Microsoft Entra ID (formerly Azure AD) accounts, Proofpoint researchers have discovered. “Proofpoint’s research indicates that while simulated intrusions us…

June 12, 2025

0 comment

Build a mobile hacking rig with a Pixel and Kali NetHunter

A cybersecurity hobbyist has built a compact, foldable mobile hacking rig that runs Kali NetHunter on a Google Pixel 3 XL. It’s called the NetHunter C-deck, and it packs serious functionality into a small, 3D-printed shell. NetHunter C-deck v2.1.0 The …

June 12, 2025

0 comment

Hack The Box: Backfire Machine Walkthrough – Medium Difficulty

Successfully rooted another Hack The Box machine by chaining multiple vulnerabilities across custom C2 frameworks. For the user flag, we exploited an SSRF vulnerability (CVE-2024-41570) in the Havoc C2 framework to access internal services, which we then chained with an authenticated RCE to execute arbitrary commands and gain a reverse shell as the ilya user. To maintain stable access, SSH keys were added for persistence, allowing us to retrieve the user.txt flag. For the root flag, we targeted the Hardhat C2 service by forging a valid JWT with a Python script to create an admin user, which provided shell access as sergej. Upon privilege escalation analysis, we found that sergej had sudo access to the iptables-save binary. This was abused to overwrite the /etc/sudoers file and escalate to root, ultimately retrieving the root.txt flag. Another great learning experience on the path to mastering offensive security!

#HackTheBox #CyberSecurity #InfoSec #RedTeam #CTF #PrivilegeEscalation #RCE #SSRF #Linux #HTB #EthicalHacking #PenetrationTesting #HavocC2 #HardhatC2 #JWT #SudoExploit #OSCP #BugBounty

The post Hack The Box: Backfire Machine Walkthrough – Medium Difficulty appeared first on Threatninja.net.

June 7, 2025

0 comment

Product showcase: Smarter pentest reporting and exposure management with PlexTrac

The threat landscape is evolving faster than ever. Staying ahead means going beyond automated scans and check-the-box assessments. It demands continuous, hands-on testing through a security approach that proactively identifies, prioritizes, and mitigat…

June 2, 2025

0 comment

Hack The Box: Checker Machine Walkthrough – Hard Difficulty

Successfully exploited CVE-2023-1545 in Teampass to extract user credentials and leveraged CVE-2023-6199 in BookStack to obtain an OTP, gaining user-level access on the Checker machine. Privilege escalation was achieved by exploiting a sudo script interacting with shared memory, setting the SUID bit on /bin/bash to capture the root flag. A great example of combining application vulnerabilities with creative privilege escalation techniques!

#Cybersecurity #EthicalHacking #HackTheBox #PenetrationTesting #InfoSec #VulnerabilityResearch #PrivilegeEscalation #CTF #SecurityResearch

The post Hack The Box: Checker Machine Walkthrough – Hard Difficulty appeared first on Threatninja.net.

May 31, 2025

0 comment

Hack The Box: EscapeTwo Machine Walkthrough – Easy Difficulty

🔒 My Write-Up for the EscapeTwo Machine on Hack The Box 🔍

I’m excited to share my detailed write-up for solving the beginner-friendly “EscapeTwo” machine on Hack The Box, showcasing skills in network enumeration and privilege escalation. First, to capture the user flag, I scanned for open ports, accessed SMB shares, uncovered a password, and leveraged the Ryan account’s elevated permissions to retrieve the flag remotely. Next, for the root flag, I escalated privileges by exploiting an Active Directory misconfiguration. Then, using the Ryan account, I employed tools to identify and modify permissions, thereby gaining control over a privileged account. With this control, I acquired a certificate, subsequently authenticated as an administrator, and finally captured the root flag. This challenge strengthened my expertise in Active Directory security and penetration testing. Check out the full write-up for a deep dive!

#Cybersecurity #HackTheBox #EthicalHacking #PenetrationTesting #ActiveDirectory

The post Hack The Box: EscapeTwo Machine Walkthrough – Easy Difficulty appeared first on Threatninja.net.

May 24, 2025

0 comment

1 2 3 4 5 … 22