Threatninja.net Security Awareness for all users
- Hack The Box: CCTV machine walkthrough β Easy Difficultyby darknite on July 11, 2026 at 2:58 pm
Just completed the CCTV machine from Hack The Box! After enumerating the target, I discovered a ZoneMinder instance exposed on the web interface. Using the default administrative credentials, I gained access to the application and identified a SQL injection vulnerability in the removetag endpoint. By leveraging SQLMap, I extracted the database contents and recovered valid credentials through bcrypt hash cracking with Hashcat, allowing SSH access as the mark user and securing the User flag. For privilege escalation, I discovered a locally running MotionEye service and extracted authentication details from its configuration files. After accessing the internal web interface through SSH port forwarding, I exploited a command injection vulnerability in the image filename configuration to obtain a root shell and capture the Root flag. Really enjoyed this Easy-difficulty box β a great combination of web application exploitation, SQL injection, credential recovery, and Linux privilege escalation techniques! #HackTheBox #HTB #PenetrationTesting #CyberSecurity #PrivilegeEscalation #SQLInjection #EthicalHacking #Linux #OffensiveSecurity β¦ Learn MoreHack The Box: CCTV machine walkthrough β Easy Difficulty The post Hack The Box: CCTV machine walkthrough β Easy Difficulty appeared first on Threatninja.net.
- Hack The Box: DevArea Machine Walkthrough β Medium Difficultyby darknite on July 4, 2026 at 2:58 pm
Just completed the DevArea machine from Hack The Box! After exploiting a vulnerable Java SOAP service on port 8080, I gained initial access and discovered Hoverfly running on port 8888. Leveraging CVE-2025-54123, I successfully authenticated and delivered a reverse shell, securing the User flag as the dev_ryan user. For privilege escalation, I took advantage of a sudo permission on the SysWatch management script. By exploiting a symlink attack in the logging functionality, I was able to read /root/root.txt and capture the Root flag. Really enjoyed this Medium-difficulty box β great mix of Java deserialization/SOAP, API exploitation, and creative Linux privilege escalation! #HackTheBox #HTB #PenetrationTesting #CyberSecurity #PrivilegeEscalation #CVE #EthicalHacking β¦ Learn MoreHack The Box: DevArea Machine Walkthrough β Medium Difficulty The post Hack The Box: DevArea Machine Walkthrough β Medium Difficulty appeared first on Threatninja.net.
- Hack The Box: Wingdata Machine Walkthrough β Easy Difficultyby darknite on June 27, 2026 at 2:58 pm
I recently completed the Wingdata machine on Hack The Box! This easy-rated challenge involved exploiting an unauthenticated command injection vulnerability (CVE-2025-47812) in the Wing FTP Server web client to gain initial access as the wingftp user. After enumerating the system and cracking a SHA-256 password hash from a user configuration file using Hashcat, I escalated to the wacky user. Finally, I leveraged a vulnerable Python backup restoration script by injecting a malicious tarball containing my SSH public key, achieving full root access. A great box for practicing web application exploitation, password cracking, and creative privilege escalation techniques. #HackTheBox #PenetrationTesting #CyberSecurity #EthicalHacking #PrivilegeEscalation β¦ Learn MoreHack The Box: Wingdata Machine Walkthrough β Easy Difficulty The post Hack The Box: Wingdata Machine Walkthrough β Easy Difficulty appeared first on Threatninja.net.
- Hack The Box: Nanocorp Machine Walkhtrough β Hard Difficulityby darknite on June 20, 2026 at 2:58 pm
We completed the βNanocorpβ Active Directory lab on Hack The Box, covering full chain exploitation from initial access to domain compromise. User access was achieved by exploiting a ZIP extraction flaw in a recruitment portal, leading to NTLM hash capture via a malicious .library-ms file and credential recovery for web_svc. Active Directory misconfigurations allowed privilege escalation to monitoring_svc through BloodHound-guided abuse of ForceChangePassword rights. Root access was obtained after enumerating CheckMK Agent 2.1 on the Domain Controller. A web shell enabled command execution as web_svc, followed by exploitation of the CheckMK MSI repair process (CVE-2024-0670) using RunasCs to achieve SYSTEM-level access. #HackTheBox #ActiveDirectory #Pentesting #RedTeam #PrivilegeEscalation #CyberSecurity #WindowsDomain #BloodHound β¦ Learn MoreHack The Box: Nanocorp Machine Walkhtrough β Hard Difficulity The post Hack The Box: Nanocorp Machine Walkhtrough β Hard Difficulity appeared first on Threatninja.net.
- Hack The Box: Abducted Machine Walkthrough β Medium Difficultyby darknite on June 17, 2026 at 2:58 pm
Recently completed the Abducted machine from Hack The Box, a Medium-difficulty challenge that combined SMB enumeration, Samba exploitation, credential discovery, lateral movement, and Linux privilege escalation techniques. The path to user access involved enumerating SMB shares and anonymous RPC services before exploiting a vulnerable Samba printer configuration to gain an initial foothold. Further enumeration revealed backup credentials stored within an Rclone configuration file, which were decrypted and reused to obtain access as a legitimate user. From there, a misconfigured Samba share enabled lateral movement to another account, ultimately leading to a systemd-based privilege escalation path and root access. This machine provided valuable practice in chaining multiple weaknesses together and demonstrated how exposed credentials, insecure service configurations, and share misconfigurations can collectively lead to full system compromise. Key takeaways: β SMB and RPC enumeration can reveal valuable attack paths β Exposed credentials often provide opportunities for lateral movement β Misconfigured Samba shares can introduce serious security risks β Service configuration weaknesses can lead to privilege escalation β Small misconfigurations can be chained into complete system compromise #CyberSecurity #EthicalHacking #PenetrationTesting #PrivilegeEscalation #RedTeam #LinuxSecurity #SMB #Samba #CTF #HackTheBox #InfoSec #SecurityResearch β¦ Learn MoreHack The Box: Abducted Machine Walkthrough β Medium Difficulty The post Hack The Box: Abducted Machine Walkthrough β Medium Difficulty appeared first on Threatninja.net.
- Hack The Box β VariaType Machine Walkthrough Medium Difficultyby darknite on June 13, 2026 at 2:58 pm
Recently completed a Medium-difficulty machine that combined web exploitation, file-processing abuse, and privilege escalation techniques. The path to user access involved leveraging a vulnerable backend font-processing workflow and a ZIP-based exploitation chain to obtain a reverse shell and pivot to a legitimate user account. From there, further enumeration uncovered a misconfigured sudo rule that allowed privilege escalation to root through a Python-based validation script. This machine provided valuable practice in identifying attack paths, chaining vulnerabilities, and understanding how seemingly minor misconfigurations can lead to full system compromise. Key takeaways: β Thorough enumeration is critical β File-processing functionality can introduce unexpected attack surfaces β Misconfigured sudo permissions remain a common privilege-escalation vector #CyberSecurity #EthicalHacking #PenetrationTesting #PrivilegeEscalation #RedTeam #LinuxSecurity #CTF #HackTheBox #InfoSec #SecurityResearch β¦ Learn MoreHack The Box β VariaType Machine Walkthrough Medium Difficulty The post Hack The Box β VariaType Machine Walkthrough Medium Difficulty appeared first on Threatninja.net.
- Hack The Box: Facts Machine Walkthrough β Easy Difficultyby darknite on June 6, 2026 at 2:58 pm
Completed the Facts machine from Hack The Box, an easy-rated Linux challenge that combined web exploitation, cloud storage enumeration, SSH key recovery, and privilege escalation. The initial foothold came from exploiting CVE-2025-2304, a mass assignment vulnerability in Camaleon CMS 2.9.0, which allowed privilege escalation from a low-privileged user to administrator. Access to the administration panel exposed S3 configuration details and credentials, leading to enumeration of an internal bucket containing an encrypted SSH private key. After recovering the key’s passphrase with John the Ripper, SSH access as the trivia user was obtained. Privilege escalation to root involved abusing facter, a Ruby-based utility executable via sudo without a password. By leveraging its –custom-dir option to load a malicious custom fact, arbitrary commands were executed as root, resulting in full system compromise. A great machine that highlights the impact of insecure parameter handling, cloud storage exposure, and the risks associated with misconfigured sudo privileges. #HackTheBox #HTB #Facts #CyberSecurity #PenetrationTesting #EthicalHacking #RedTeam #PrivilegeEscalation #Linux #AWS #S3 #CamaleonCMS #CVE20252304 #JohnTheRipper #Ruby #Infosec #CTF #CyberSecurityLearning β¦ Learn MoreHack The Box: Facts Machine Walkthrough β Easy Difficulty The post Hack The Box: Facts Machine Walkthrough β Easy Difficulty appeared first on Threatninja.net.
- Hack The Box:Interpreter Machine Walkthrough β Medium Difficultyby darknite on May 30, 2026 at 3:09 pm
Completed Hack The Box machine βInterpreterβ after exploiting CVE-2023-43208 in NextGen Healthcare Mirth Connect 4.4.0. Initial access involved API enumeration, unsafe Java deserialization exploitation, reverse shell execution, and database credential extraction from Mirth Connect configuration files. Cracking the recovered PBKDF2-HMAC-SHA256 hash provided SSH access as sedric and access to the user flag. Privilege escalation involved enumerating a root-owned Flask notification service vulnerable to Server-Side Template Injection (SSTI). By forwarding the internal service over SSH and crafting a malicious XML payload, remote command execution as root was achieved, leading to retrieval of the root flag. #HackTheBox #HTB #CyberSecurity #RedTeam #EthicalHacking #PenetrationTesting #OffensiveSecurity #WebSecurity #PrivilegeEscalation #SSTI #Deserialization #Linux #InfoSec #CVE202343208 β¦ Learn MoreHack The Box:Interpreter Machine Walkthrough β Medium Difficulty The post Hack The Box:Interpreter Machine Walkthrough β Medium Difficulty appeared first on Threatninja.net.
- Hack The Box: MonitorsFour Machine Walkthrough β Easy Diffuciltyby darknite on May 23, 2026 at 2:58 pm
Wrapped up another solid box with a clean chain from web exploitation to full host compromise. Gained initial access through an IDOR vulnerability on the /user endpoint, which exposed an admin hash that cracked to wonderful1. This provided access to the Cacti dashboard as marcus. From there, exploiting CVE-2025-24367 led to a reverse shell inside a Docker container as www-data, where the user flag was retrieved. Privilege escalation came from spotting an exposed Docker API. By deploying a privileged container and mounting the host filesystem, it was possible to break out of the container and access the Windows host, ultimately retrieving the root flag. Nice reminder of how small web flaws can cascade into full infrastructure compromise when combined with misconfigurations like exposed Docker daemons. #cybersecurity #penetrationtesting #redteam #docker #privilegeescalation #websecurity #ethicalhacking #infosec β¦ Learn MoreHack The Box: MonitorsFour Machine Walkthrough β Easy Diffucilty The post Hack The Box: MonitorsFour Machine Walkthrough β Easy Diffucilty appeared first on Threatninja.net.
- Hack The Box: Pterodactyl Machine Walkthrough β Medium Difficulityby darknite on May 16, 2026 at 2:58 pm
Completed the Pterodactyl machine on Hack The Box, focusing on end-to-end exploitation. The attack started with a path traversal vulnerability (CVE-2025-49132) in the Pterodactyl Panel, leading to unauthenticated RCE. This access allowed database extraction, credential recovery, and SSH access as a low-privileged user. Privilege escalation was achieved through PAM environment variable poisoning (CVE-2025-6018), followed by a more stable root shell using a libblockdev/udisks race condition (CVE-2025-6019). A solid exercise in chaining web exploitation with local privilege escalation techniques. #HackTheBox #CyberSecurity #EthicalHacking #PenetrationTesting #RedTeam #CTF #Linux #PrivilegeEscalation #WebSecurity β¦ Learn MoreHack The Box: Pterodactyl Machine Walkthrough β Medium Difficulity The post Hack The Box: Pterodactyl Machine Walkthrough β Medium Difficulity appeared first on Threatninja.net.






