Threatninja.net Security Awareness for all users
- Hack The Box: Titanic Machine Walkthrough – Easy Difficulty by darknite on June 21, 2025 at 2:58 pm
Just wrapped up a detailed walkthrough of the Hack The Box Titanic machine – an easy-rated challenge packed with valuable learning opportunities! The journey started with exploiting a directory traversal vulnerability to access sensitive Gitea configuration files and extract user credentials. From there, I gained SSH access as the developer user and retrieved the user flag. Privilege escalation was achieved by exploiting a critical ImageMagick vulnerability (CVE-2024-41817) in a writable directory, allowing arbitrary code execution via a crafted shared library. I also discovered the developer user had unrestricted sudo privileges, providing a straightforward path to root. #HackTheBox #CyberSecurity #Pentesting #CTF #PrivilegeEscalation #LinuxSecurity #ImageMagick #CVE202441817 #EthicalHacking #DirectoryTraversal
- Hack The Box: Infiltrator Machine Walkthrough – Insane Difficulty by darknite on June 14, 2025 at 2:58 pm
Successfully completed a two-stage Active Directory exploitation scenario involving both user access and privilege escalation. The first stage focused on identifying accounts that did not require Kerberos pre-authentication (AS-REP Roasting), allowing extraction and cracking of a user password hash to gain remote access and retrieve the user flag. In the second stage, a misconfigured certificate template (ESC4 vulnerability) within Active Directory Certificate Services was exploited to request a certificate impersonating a privileged user. This enabled full administrative access and retrieval of the root flag. #CyberSecurity #ActiveDirectory #RedTeam #Kerberos #PrivilegeEscalation #ASREP #ADCS #ESC4 #PenetrationTesting #Infosec #HackTheBox #WindowsSecurity #CTF
- Hack The Box: Backfire Machine Walkthrough – Medium Difficulty by darknite on June 7, 2025 at 3:15 pm
Successfully rooted another Hack The Box machine by chaining multiple vulnerabilities across custom C2 frameworks. For the user flag, we exploited an SSRF vulnerability (CVE-2024-41570) in the Havoc C2 framework to access internal services, which we then chained with an authenticated RCE to execute arbitrary commands and gain a reverse shell as the ilya user. To maintain stable access, SSH keys were added for persistence, allowing us to retrieve the user.txt flag. For the root flag, we targeted the Hardhat C2 service by forging a valid JWT with a Python script to create an admin user, which provided shell access as sergej. Upon privilege escalation analysis, we found that sergej had sudo access to the iptables-save binary. This was abused to overwrite the /etc/sudoers file and escalate to root, ultimately retrieving the root.txt flag. Another great learning experience on the path to mastering offensive security! #HackTheBox #CyberSecurity #InfoSec #RedTeam #CTF #PrivilegeEscalation #RCE #SSRF #Linux #HTB #EthicalHacking #PenetrationTesting #HavocC2 #HardhatC2 #JWT #SudoExploit #OSCP #BugBounty
- Hack The Box: Checker Machine Walkthrough – Hard Difficulty by darknite on May 31, 2025 at 2:58 pm
Successfully exploited CVE-2023-1545 in Teampass to extract user credentials and leveraged CVE-2023-6199 in BookStack to obtain an OTP, gaining user-level access on the Checker machine. Privilege escalation was achieved by exploiting a sudo script interacting with shared memory, setting the SUID bit on /bin/bash to capture the root flag. A great example of combining application vulnerabilities with creative privilege escalation techniques! #Cybersecurity #EthicalHacking #HackTheBox #PenetrationTesting #InfoSec #VulnerabilityResearch #PrivilegeEscalation #CTF #SecurityResearch
- Hack The Box: EscapeTwo Machine Walkthrough – Easy Difficulty by darknite on May 24, 2025 at 2:58 pm
My Write-Up for the EscapeTwo Machine on Hack The Box. I'm excited to share my detailed write-up for solving the beginner-friendly “EscapeTwo” machine on Hack The Box, showcasing skills in network enumeration and privilege escalation. First, to capture the user flag, I scanned for open ports, accessed SMB shares, uncovered a password, and leveraged the Ryan account's elevated permissions to retrieve the flag remotely. Next, for the root flag, I escalated privileges by exploiting an Active Directory misconfiguration. Then, using the Ryan account, I employed tools to identify and modify permissions, thereby gaining control over a privileged account. With this control, I acquired a certificate, subsequently authenticated as an administrator, and finally captured the root flag. This challenge strengthened my expertise in Active Directory security and penetration testing. Check out the full write-up for a deep dive! #Cybersecurity #HackTheBox #EthicalHacking #PenetrationTesting #ActiveDirectory
- Hack The Box: Heal Machine Walkthrough – Medium Difficulty by darknite on May 17, 2025 at 2:58 pm
Writeup Summary: Heal (Hack The Box). This box involved thorough enumeration that uncovered multiple subdomains, including a Ruby on Rails API. Initial access was gained by chaining a Local File Inclusion vulnerability with password cracking and exploiting a LimeSurvey plugin upload vulnerability. Privilege escalation was achieved by identifying and exploiting an exposed Consul service accessible through SSH port forwarding. This challenge showcased key red teaming skills: web application exploitation, misconfiguration abuse, credential harvesting, and lateral movement. #HackTheBox #CyberSecurity #RedTeam #PrivilegeEscalation #BugBounty #WebSecurity #Infosec #CTF #HTB #OffensiveSecurity #LinuxExploitation
- Hack The Box: Underpass Machine Walkthrough – Easy Difficulty by darknite on May 10, 2025 at 2:58 pm
Successfully completed the “Underpass” machine on Hack The Box! For the user flag, I enumerated SNMP to discover a Daloradius instance, logged in with default credentials, cracked an MD5-hashed password for the svcMosh account, and used SSH to access the user flag in its home directory. To capture the root flag, I escalated privileges by exploiting sudo permissions on mosh-server, obtaining a session key and port to establish a root session and retrieve the flag from /root/root.txt. #Cybersecurity #HackTheBox #CaptureTheFlag #PenetrationTesting #LinuxSecurity #PrivilegeEscalation #SNMP #Daloradius #EthicalHacking #InformationSecurity
- HackTheBox – BigBang Machine Walkthrough (Hard Difficulty) by darknite on May 3, 2025 at 2:58 pm
Chained exploitation through misconfigured web app and internal services. We started by exploiting a WordPress plugin vulnerability (CVE-2023-26326) to upload files, followed by a file read vulnerability (CVE-2024-2961) for remote code execution. From there, we cracked the database credentials, gained SSH access as the shawking user, and leveraged a vulnerable API endpoint to escalate to root. This highlights how overlooked configurations and service misconfigurations can lead to a full server compromise. #CTF #PrivilegeEscalation #WebSecurity #CommandInjection #SSH #WordPress #LinuxPentesting #BugBounty #HackTheBox #RedTeam #CyberSecurity
- Hack The Box: Vintage Machine Walkthrough – Hard Difficulty by darknite on April 26, 2025 at 2:58 pm
Recently completed an Active Directory penetration test where I obtained both the user and root flags through a series of Kerberos and privilege escalation attacks. I first exploited a weak password on a legacy computer account (fs01$) to retrieve a Kerberos TGT and extract the gMSA password. After reactivating a disabled service account (svc_sql), making it ASREPRoastable, and cracking its hash, I gained credentials for another domain user and authenticated via Evil-WinRM to capture the user flag. For the root flag, I decrypted DPAPI-protected secrets to access a higher-privileged account (c.neri_adm), added a compromised service account to a privileged group, assigned an SPN, and performed a Kerberos delegation attack to impersonate a domain admin, ultimately achieving SYSTEM-level access and capturing the root flag. Great experience applying Kerberos exploitation techniques and privilege escalation strategies in a real-world scenario! #ActiveDirectory #PenetrationTesting #Kerberos #OffensiveSecurity #RedTeam #CyberSecurity #ASREPRoasting #DPAPI #PrivilegeEscalation #HackTheBox #Infosec #HacktheBox
- Hack The Box: Administrator Walkthrough Medium Difficulty by darknite on April 19, 2025 at 2:58 pm
Chained privilege escalation on an AD environment via misconfigured permissions – no CVEs, just clever abuse of default rights. From Olivia to Emily to Ethan, we pivoted through user relationships using BloodHound, CrackMapExec, Kerberoasting, and WinRM access. Highlighting how overlooked configurations can lead to full domain compromise. #ActiveDirectory #PrivilegeEscalation #BloodHound #Kerberoasting #HackTheBox #RedTeam #CyberSecurity #WindowsPentest