Nooff's Cyber Blog

Overview Browsed is a medium Linux machine from HackTheBox. This box showcases potential dangers of insecure browser extensions and beyond. We start by discovering an exposed Gitea instance, which stored source code for internal service. We identify a vulnerability and perform Bash arithmetic injection to get initial access. Once inside, we find a Python script. We inspect it’s source code and perform Python cache poisoning to get Root access. Nmap scan Starting with the Nmap scan. ┌──(root㉿kali)-[/home/kali] └─ # nmap -A 10.10.8.1 -T5 Starting Nmap 7.98 ( https://nmap.org ) at 2026-01-13 04:55 -0500 Nmap scan report for 10.10.8.1 Host is up (0.027s latency). Not shown: 998 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.6p1 Ubuntu 3ubuntu13.14 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 02:c8:a4:ba:c5:ed:0b:13:ef:b7:e7:d7:ef:a2:9d:92 (ECDSA) |_ 256 53:ea:be:c7:07:05:9d:aa:9f:44:f8:bf:32:ed:5c:9a (ED25519) 80/tcp open http nginx 1.24...

Overview Conversor is an easy Linux machine from HackTheBox. This box chains web app vulnerability with binary misconfiguration and presents a fun challenge. We start by discovering XSLT injection vulnerability in a web app. We write a shellcode via XSLT injection and get it executed via active cronjob. Once inside, we crack a weak password and discover a binary with sudo privileges. We forge it’s config file for Perl shell script and gain Root shell. Nmap scan Starting with the Nmap scan. ┌──(root㉿kali)-[/home/kali] └─ # nmap -Pn -A 10.10.11.92 -T5 Starting Nmap 7.95 ( https://nmap.org ) at 2025-12-17 15:07 CET Nmap scan report for conversor.htb (10.10.11.92) Host is up (0.025s latency). Not shown: 998 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.13 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 01:74:26:39:47:bc:6a:e2:cb:12:8b:71:84:9c:f8:5a (ECDSA) |_ 256 3a:16:90:dc:74:d8:e3:c4:51:36:e2:08:06:26:17:ee (ED25519) 80...