More results...
Most organizations run an annual network penetration test, remediate the issues it uncovers, and move on. But attackers are probing networks every day, using publicly available tools to exploit common misconfigurations and overlooked vulnerabilities. A…
Environment HTB: Full User & Root Flag Capture Through Exploitation
Captured both the user and root flags on the Environment HTB machine! We exploited Laravel 11.30.0 (PHP 8.2.28) vulnerabilities, including argument injection (CVE-2024-52301) and UniSharp Laravel Filemanager code injection. By bypassing authentication with `–env=preprod` and leveraging the profile upload feature, we executed a PHP reverse shell and retrieved the user flag via `cat user.txt`. For root access, we decrypted `keyvault.gpg` from the `.gnupg` directory to obtain credentials and exploited sudo with preserved BASH\_ENV by crafting a script that spawned a privileged shell, ultimately gaining full control of the system.
#CyberSecurity #HTB #PenTesting #EthicalHacking #LaravelExploits #PrivilegeEscalation #PHP #Infosec #BugBounty #RedTeam
The post Hack The Box: Environment Machine Walkthough-Medium Difficulty appeared first on Threatninja.net.
The AI-powered automated penetration testing firm will invest the new funds in R&D, team expansion, and global scale.
The post FireCompass Raises $20 Million for Offensive Security Platform appeared first on SecurityWeek.
I enumerated Spring Boot Actuator endpoints, including /actuator/heapdump, which revealed plaintext credentials for oscar190. SSH login as oscar190 was successful, though the home directory was empty. Analysis of application.properties exposed Eureka credentials (EurekaSrvr:0scarPWDisTheB3st), granting access to the Eureka dashboard. By registering a malicious microservice, I retrieved miranda.wise credentials and captured the user flag. For privilege escalation, I identified a vulnerable log_analyse.sh script, performed command injection, and created a SUID bash shell in /tmp/bash. Executing this shell provided root access, allowing retrieval of the root flag and full control of the machine.
#CyberSecurity #EthicalHacking #HackTheBox #PenTesting #PrivilegeEscalation #WebSecurity #SpringBoot #CTF #BugHunting #InfoSec #RedTeam #OffensiveSecurity
The post Hack The Box: Eureka Machine Walkthrough – Hard Dificulty appeared first on Threatninja.net.
I successfully captured both user and root flags by exploiting a file upload vulnerability to gain a web shell, extracting database credentials from config.php, and cracking the user hash to reveal the password Jenni_Luvs_Magic23. Using these credentials, I accessed the web application, discovered an SSH migration hint, and leveraged a Kerberos ticket (f.frizzle.ccache) to gain SSH access and retrieve the user flag with type user.txt. For the root flag, I escalated privileges using M.SchoolBus and SharpGPOAbuse to manipulate SleepGPO, applied changes with gpupdate.exe /force, extracted credentials with secretdump, and used wmiexec to secure a root-level shell, ultimately reading the root flag with type root.txt.
#Cybersecurity #CTF #EthicalHacking #PenetrationTesting
The post Hack The Box: TheFrizz Machine Walkthrough – Medium Difficulity appeared first on Threatninja.net.
Cybersecurity training often struggles to match the complexity of threats. A new approach combining digital twins and LLMs aims to close that gap. Researchers from the University of Bari Aldo Moro propose using Cyber Digital Twins (CDTs) and generative…
This $20 bundle offers lifetime access to AI and cybersecurity training for businesses, startups, and pros.
Security leaders are rethinking their approach to cybersecurity as digital supply chains expand and generative AI becomes embedded in critical systems. A recent survey of 225 security leaders conducted by Emerald Research found that 68% are concerned a…
Compromised university.htb by exploiting ReportLab RCE (CVE-2023-33733) to gain initial access as wao. Forged a professor certificate to impersonate george, then uploaded a malicious lecture to compromise Martin.T.
Escalated privileges by exploiting a scheduled task with a malicious .url file, used LocalPotato (CVE-2023-21746) for elevation on WS-3, and abused SeBackupPrivilege to extract NTDS.dit, ultimately retrieving Domain Admin credentials.
🔍 A great hands-on challenge combining web exploitation, privilege escalation, and Active Directory abuse.
#CyberSecurity #RedTeam #CTF #PrivilegeEscalation #HTB #InfoSec #WindowsExploitation #PenetrationTesting #EthicalHacking #HackTheBox
The post Hack The Box: University Machine Walkthrough – Insane Walkthrough appeared first on Threatninja.net.
Hashcat is an open-source password recovery tool that supports five attack modes and more than 300 highly optimized hashing algorithms. It runs on CPUs, GPUs, and other hardware accelerators across Linux, Windows, and macOS, and includes features for d…