https://b3ta-blocker.github.io/blog A hands-on hacking blog covering penetration testing walkthroughs by Hassaan Ali Bukhari. en-us root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) Sun, 21 Sep 2025 00:00:00 GMT https://b3ta-blocker.github.io/blog/soulmate https://b3ta-blocker.github.io/blog/soulmate Compromise of a Linux HackTheBox machine via CVE-2025-31161 authentication bypass on CrushFTP to gain admin access, followed by PHP reverse shell upload, credential extraction from a hardcoded Erlang script, and root flag retrieval through an exposed Erlang shell on port 2222. Sun, 21 Sep 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxMachineEasycve-2025-31161privilege-escalationHackTheBox