penetration testing

Hack The Box: Certified Machine Walkthrough – Medium Difficulty

Access is gained using Judith Mader’s credentials, allowing enumeration of network resources. CrackMapExec identifies key accounts like management_svc and ca_operator. Privilege escalation is performed using a Shadow Credentials attack with Certipy, taking control of management_svc. With valid credentials, Evil-WinRM establishes a remote session, leading to the user flag.

For root access, the attack exploits Active Directory Certificate Services by modifying ca_operator’s User Principal Name (UPN) to Administrator, enabling a privileged certificate request. A vulnerable ESC9 certificate is issued without linking back to ca_operator, effectively granting Administrator access. The UPN is restored to avoid detection, and authentication via Kerberos retrieves the NT hash of the Administrator account. Full system control is confirmed by obtaining the root flag.

#HackTheBox #Pentesting #ActiveDirectory #PrivilegeEscalation #CyberSecurity #EthicalHacking

The post Hack The Box: Certified Machine Walkthrough – Medium Difficulty appeared first on Threatninja.net.

March 15, 2025
0 comment
Read More >>

Hack The Box: Chemistry Machine Walkthrough – Easy Difficulty

A vulnerability in **Pymatgen (CVE-2024-23346)** allowed for **Remote Code Execution (RCE)** through a **malicious CIF file**. By injecting code into the **_space_group_magn.transform_BNS_Pp_abc** field and uploading it to the dashboard, nothing happened initially. However, clicking the **View button** triggered execution, leading to a **reverse shell**. With remote access secured, an **SQLite3 database** was explored, revealing **password hashes**, which were cracked to obtain valid credentials and retrieve the **user flag**.

Further exploration uncovered an **aiohttp/3.9.1** service running on **port 8080**, restricting access to the **assets directory** with a **403 Forbidden** response. Leveraging an **LFI attack**, an **SSH key** was extracted, allowing for **privilege escalation** and access to the **root flag**.

This scenario highlights the importance of **sanitizing file uploads, restricting directory access, and keeping dependencies updated** to mitigate security risks.

#CyberSecurity #BugBounty #EthicalHacking #PrivilegeEscalation #RedTeam #WebSecurity #InfoSec #CTF

The post Hack The Box: Chemistry Machine Walkthrough – Easy Difficulty appeared first on Threatninja.net.

March 8, 2025
0 comment
Read More >>

Hack The Box: Instant Machine Walkthrough – Medium Difficulty

Introduction to Instant: In this writeup, we will explore the “Instant” machine from Hack The Box, which is categorized as a medium-difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective: The goal of this walkthrough is to complete the “Instant” machine from Hack The Box […]

The post Hack The Box: Instant Machine Walkthrough – Medium Difficulty appeared first on Threatninja.net.

March 1, 2025
0 comment
Read More >>

Dalfox: Open-source XSS scanner

DalFox is an open-source tool for automating the detection of XSS vulnerabilities. With powerful testing capabilities and a wide range of features, it makes scanning, analyzing parameters, and verifying vulnerabilities faster and easier. “The uni…

February 26, 2025
0 comment
Read More >>

Hack The Box: Yummy Machine Walkthrough – Hard Difficulty

Introduction to Yummy: This write-up will explore the “Yummy” machine from Hack The Box, categorized as a Hard difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective: The goal of this walkthrough is to complete the “Yummy” machine from Hack The Box by achieving the […]

The post Hack The Box: Yummy Machine Walkthrough – Hard Difficulty appeared first on Threatninja.net.

February 22, 2025
0 comment
Read More >>

Hack The Box: Cicada Machine Walkthrough – Easy Difficulty

Introduction on Cicada: In this write-up, we will explore the “Cicada” machine from Hack The Box, categorized as an easy difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. The objective of Cicada: The goal of this walkthrough is to complete the “Cicada” machine from Hack […]

The post Hack The Box: Cicada Machine Walkthrough – Easy Difficulty appeared first on Threatninja.net.

February 15, 2025
0 comment
Read More >>

HackTheBox:MagicGardens Machine Walkthrough-Insane Difficulty

Introduction to MagicGardens: This write-up will explore the “MagicGardens” machine from Hack The Box, which is categorized as an insanely difficult challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective on MagicGardens machine: The goal of this walkthrough is to complete the “MagicGardens” machine from Hack […]

The post HackTheBox:MagicGardens Machine Walkthrough-Insane Difficulty appeared first on Threatninja.net.

February 8, 2025
0 comment
Read More >>

Hack The Box: Trickster Machine Walkthrough – Medium Difficulty

Introduction to Trickster: In this write-up, we will explore the “Trickster” machine from Hack The Box, categorized as a medium-difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. The objective of Trickster: The goal of this walkthrough is to complete the “Trickster” machine from Hack The […]

The post Hack The Box: Trickster Machine Walkthrough – Medium Difficulty appeared first on Threatninja.net.

February 1, 2025
0 comment
Read More >>

Hack The Box: Strutted Machine Walkthrough – Medium Difficulty

Introduction to Strutted: This write-up will explore the “Strutted” machine from Hack The Box, categorized as a medium-difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective: The goal of this walkthrough is to complete the “Strutted” machine from Hack The Box by achieving the following […]

The post Hack The Box: Strutted Machine Walkthrough – Medium Difficulty appeared first on Threatninja.net.

January 28, 2025
0 comment
Read More >>