Threat Ninja Security Awareness

Successfully demonstrated advanced cybersecurity skills by exploiting a Ghost CMS vulnerability (CVE-2023-40028) to access sensitive credentials and secure the user flag. Identified and leveraged a sudo misconfiguration with the CHECK_CONTENT variable to escalate privileges and retrieve the root flag from /root/root.txt. Thrived in this hands-on challenge, sharpening penetration testing expertise! #HackTheBox #Cybersecurity #EthicalHacking #PenetrationTesting #CTF The post Hack The Box: LinkVortex Machine Walkthrough Easy Difficulty appeared first on Threatninja.net.

The initial foothold was gained by exploiting command injection on intranet.ghost.htb:8008/api-dev/scan/, which provided a reverse shell inside a Docker container. From there, I enumerated the environment and discovered credentials that allowed SSH access as Florence Ramirez. By extracting and converting a Kerberos ticket, I authenticated as a legitimate user, escalating access within the system. With access to the Windows environment, I retrieved NTLM hashes for the adfs_gmsa account and leveraged evil-winrm for lateral movement. A reverse shell was established using JokerShell, and privileges were escalated by enabling xp_cmdshell through a debug interface. After uploading EfsPotato.cs and disabling antivirus, I used Mimikatz and Rubeus.exe to dump credentials, ultimately achieving SYSTEM access. This led to the extraction of domain admin credentials and the retrieval of the root flag. Another Insane box down! 💀💻 #HackTheBox #RedTeam #CyberSecurity #PenTesting #PrivilegeEscalation #EthicalHacking The post Hack The Box: Ghost Machine Walkthrough – Insane Difficulty appeared first on Threatninja.net.

This walkthrough examines the BlockBlock machine from Hack The Box, classified as a medium-difficulty challenge. The assessment began with the exploitation of an XSS vulnerability, which facilitated credential theft through the Ethereum JSON-RPC API, granting SSH access. Privilege escalation was achieved by leveraging the forge binary to obtain higher privileges, followed by exploiting a misconfigured pacman package manager to gain root access. This engagement underscores the critical importance of securing APIs, implementing robust input validation, and enforcing strict privilege escalation controls to mitigate security risks. #HackTheBox #CyberSecurity #PenetrationTesting #CTF #EthicalHacking #XSS #PrivilegeEscalation #BlockchainSecurity The post Hack The Box: BlockBlock Machine Walkthrough – Hard Difficulty appeared first on Threatninja.net.

We discovered an XSS vulnerability in .md file uploads and the Contacts tab. By embedding an XSS payload and sharing the link, we extracted data from messages.php, revealing a file parameter vulnerable to LFI. This led us to /var/www/statistics.alert.htb/.htpasswd, which contained a hashed password. Using hashid, we identified it as MD5 (APR1-MD5) and cracked it with Hashcat, retrieving the password ManchesterUnited. With these credentials, we accessed the system and captured the user flag. After logging into statistics.alert.htb, we found port 8080 open. Using SSH port forwarding, we accessed a monitoring site but needed to locate its directory. Checking ps aux, we found it in /opt/website-monitor. We confirmed file access by testing a basic PHP file, which worked. We then uploaded a PentestMonkey reverse shell, but it didn’t execute. To ensure success, we crafted a reliable PHP shell, triggered it, and gained root access. 🔍 #CyberSecurity #BugBounty #EthicalHacking #PenTesting #CTF #HTB #WebSecurity #XSS #LFI #PrivilegeEscalation #Hacking The post Hack The Box: Alert Machine Walkthrough – Easy Difficulty appeared first on Threatninja.net.

Access is gained using Judith Mader’s credentials, allowing enumeration of network resources. CrackMapExec identifies key accounts like management_svc and ca_operator. Privilege escalation is performed using a Shadow Credentials attack with Certipy, taking control of management_svc. With valid credentials, Evil-WinRM establishes a remote session, leading to the user flag. For root access, the attack exploits Active Directory Certificate Services by modifying ca_operator’s User Principal Name (UPN) to Administrator, enabling a privileged certificate request. A vulnerable ESC9 certificate is issued without linking back to ca_operator, effectively granting Administrator access. The UPN is restored to avoid detection, and authentication via Kerberos retrieves the NT hash of the Administrator account. Full system control is confirmed by obtaining the root flag. #HackTheBox #Pentesting #ActiveDirectory #PrivilegeEscalation #CyberSecurity #EthicalHacking The post Hack The Box: Certified Machine Walkthrough – Medium Difficulty appeared first on Threatninja.net.

A vulnerability in **Pymatgen (CVE-2024-23346)** allowed for **Remote Code Execution (RCE)** through a **malicious CIF file**. By injecting code into the **_space_group_magn.transform_BNS_Pp_abc** field and uploading it to the dashboard, nothing happened initially. However, clicking the **View button** triggered execution, leading to a **reverse shell**. With remote access secured, an **SQLite3 database** was explored, revealing **password hashes**, which were cracked to obtain valid credentials and retrieve the **user flag**. Further exploration uncovered an **aiohttp/3.9.1** service running on **port 8080**, restricting access to the **assets directory** with a **403 Forbidden** response. Leveraging an **LFI attack**, an **SSH key** was extracted, allowing for **privilege escalation** and access to the **root flag**. This scenario highlights the importance of **sanitizing file uploads, restricting directory access, and keeping dependencies updated** to mitigate security risks. #CyberSecurity #BugBounty #EthicalHacking #PrivilegeEscalation #RedTeam #WebSecurity #InfoSec #CTF The post Hack The Box: Chemistry Machine Walkthrough – Easy Difficulty appeared first on Threatninja.net.

Introduction to Instant: In this writeup, we will explore the “Instant” machine from Hack The Box, which is categorized as a medium-difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective: The goal of this walkthrough is to complete the “Instant” machine from Hack The Box… Read More »Hack The Box: Instant Machine Walkthrough – Medium Difficulty The post Hack The Box: Instant Machine Walkthrough – Medium Difficulty appeared first on Threatninja.net.

Introduction to Yummy: This write-up will explore the “Yummy” machine from Hack The Box, categorized as a Hard difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective: The goal of this walkthrough is to complete the “Yummy” machine from Hack The Box by achieving the… Read More »Hack The Box: Yummy Machine Walkthrough – Hard Difficulty The post Hack The Box: Yummy Machine Walkthrough – Hard Difficulty appeared first on Threatninja.net.

Introduction on Cicada: In this write-up, we will explore the “Cicada” machine from Hack The Box, categorized as an easy difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. The objective of Cicada: The goal of this walkthrough is to complete the “Cicada” machine from Hack… Read More »Hack The Box: Cicada Machine Walkthrough – Easy Difficulty The post Hack The Box: Cicada Machine Walkthrough – Easy Difficulty appeared first on Threatninja.net.

Introduction to MagicGardens: This write-up will explore the “MagicGardens” machine from Hack The Box, which is categorized as an insanely difficult challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective on MagicGardens machine: The goal of this walkthrough is to complete the “MagicGardens” machine from Hack… Read More »HackTheBox:MagicGardens Machine Walkthrough-Insane Difficulty The post HackTheBox:MagicGardens Machine Walkthrough-Insane Difficulty appeared first on Threatninja.net.