sql injection – MCYSEKA-Maritime Cyber Security Knowledge Archive

Hack The Box: WhiteRabbit Machine Walkthough – Insane Difficulity

Initial access was achieved through exposed monitoring and documentation services, which leaked internal service names and an unauthenticated workflow configuration. This disclosure revealed sensitive secrets, a vulnerable webhook parameter, and ultimately credentials for a backup system. Abuse of misconfigured backup tooling and sudo privileges allowed extraction of private SSH keys, enabling lateral movement across multiple user accounts and retrieval of the user flag.

Privilege escalation to root involved reverse-engineering a custom SUID binary. Analysis exposed a predictable pseudorandom password generator caused by unsafe seeding logic and an integer overflow, significantly reducing entropy. Recreating the binary locally and brute-forcing the constrained seed space yielded valid credentials, granting SSH access to a privileged user with unrestricted sudo rights and full system compromise.

This machine was a strong example of how exposed internal tooling, poor secret handling, and flawed custom binaries can combine into a complete attack chain.

#HackTheBox #CyberSecurity #OffensiveSecurity #PenetrationTesting #RedTeam #PrivilegeEscalation #ReverseEngineering #LinuxSecurity #Infosec #CTF

The post Hack The Box: WhiteRabbit Machine Walkthough – Insane Difficulity appeared first on Threatninja.net.

December 13, 2025

0 comment

SEO spam and hidden links: how to protect your website and your reputation

Are you seeing your website traffic drop, and security systems blocking it for pornographic content that is not there? Hidden links, a type of SEO spam, could be the cause.

October 17, 2025

0 comment

Hack The Box: Cat Machine Walkthrough – Medium Diffculity

Hack The Box Success: Cat Machine Write-Up Published!

I’ve just published my personal write-up for the Cat machine on Hack The Box. In this challenge, I gained the user flag by exploiting a Stored XSS vulnerability to capture the admin session cookie, followed by an SQL Injection to extract credentials and gain SSH access. For the root flag, I took advantage of a vulnerable image processing script owned by root, crafting a payload to gain a root shell and retrieve the flag. The full write-up dives into each step, the logic behind the attacks, and key takeaways.

#CyberSecurity #HackTheBox #PenetrationTesting #EthicalHacking #CTF #WriteUp #XSS #SQLi #PrivilegeEscalation #InfoSec #CTFWriteup

The post Hack The Box: Cat Machine Walkthrough – Medium Diffculity appeared first on Threatninja.net.

July 5, 2025

0 comment

Halo ITSM Vulnerability Exposed Organizations to Remote Hacking

An unauthenticated SQL injection vulnerability in Halo ITSM could have been exploited to read, modify, or insert data.
The post Halo ITSM Vulnerability Exposed Organizations to Remote Hacking appeared first on SecurityWeek.

April 3, 2025

0 comment

Researchers Discover SQL Injection Issue That Can Bypass Airport Security

Researchers highlighted a serious security threat posed to airports and flight cockpits due to a…
Researchers Discover SQL Injection Issue That Can Bypass Airport Security on Latest Hacking News | Cyber Security News, Hacking Tools and Penetratio…

September 4, 2024

0 comment

SQL Injection Attack on Airport Security

Interesting vulnerability:

…a special lane at airport security called Known Crewmember (KCM). KCM is a TSA program that allows pilots and flight attendants to bypass security screening, even when flying on domestic personal trips.

The KCM process is fairly simple: the employee uses the dedicated lane and presents their KCM barcode or provides the TSA agent their employee number and airline. Various forms of ID need to be presented while the TSA agent’s laptop verifies the employment status with the airline. If successful, the employee can access the sterile area without any screening at all…

September 2, 2024

0 comment

F5 BIG-IP vulnerabilities leveraged by attackers: What to do?

The two BIG-IP vulnerabilities (CVE-2023-46747, CVE-2023-46748) F5 Networks has recently released hotfixes for are being exploited by attackers in the wild, the company has confirmed. “It is important to note that not all exploited systems may sh…

November 2, 2023

0 comment

Hack The Box: Intentions Machine Walkthrough – Hard Difficulty

In this post, I would like to share a walkthrough of the Intentions Machine from Hack the Box This room will be considered a Hard machine on Hack the Box What will you gain from the Intentions machine? For the user flag, you will need to abuse the SQL Injection of the second order which will […]

The post Hack The Box: Intentions Machine Walkthrough – Hard Difficulty appeared first on Threatninja.net.

October 14, 2023

0 comment

HackTheBox: OnlyforYou Machine Walkthrough – Medium Difficulty

In this post, I would like to share a walkthrough of the OnlyforYou Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the OnlyforYou machine? For the user flag, you will need to able to read different files throughout an LFI Vulnerability that […]

The post HackTheBox: OnlyforYou Machine Walkthrough – Medium Difficulty appeared first on Threatninja.net.

August 26, 2023

0 comment

Hack The Box: Socket Machine Walkthrough – Medium Difficulty

In this post, I would like to share a walkthrough of the Socket Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the Socket machine? For the user flag, you will need to download the Windows Application which requires our attention especially when […]

The post Hack The Box: Socket Machine Walkthrough – Medium Difficulty appeared first on Threatninja.net.

July 15, 2023

0 comment

1 2

M	T	W	T	F	S	S
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28

M	T	W	T	F	S	S
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28