https://b3ta-blocker.github.io/blog A hands-on hacking blog covering penetration testing walkthroughs by Hassaan Ali Bukhari. en-us root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) Tue, 22 Jul 2025 00:00:00 GMT https://b3ta-blocker.github.io/blog/artifical https://b3ta-blocker.github.io/blog/artifical Compromise of a Linux HackTheBox machine by uploading a malicious TensorFlow HDF5 model to exploit remote code execution, extracting and cracking MD5 credentials from a SQLite database, then escalating privileges by recovering a Bcrypt-hashed password from a Backrest backup archive and abusing the Backrest web UI to read the root flag. Tue, 22 Jul 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxhacktheboxeasytensorflowmalicious-modelprivilege-escalation https://b3ta-blocker.github.io/blog/blackpearl https://b3ta-blocker.github.io/blog/blackpearl Compromise of a Linux machine via DNS reconnaissance to discover a virtual host running Navigate CMS v2.8, exploited through an unauthenticated RCE vulnerability, followed by privilege escalation via a SUID misconfiguration on php7.3. Sun, 07 Dec 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxeasyvirtual-hostsuidprivilege-escalation https://b3ta-blocker.github.io/blog/blue https://b3ta-blocker.github.io/blog/blue Compromise of a Windows 7 SP1 lab machine by exploiting the MS17-010 EternalBlue SMB vulnerability via Metasploit to obtain a SYSTEM-level Meterpreter shell and extract password hashes, followed by a manual exploitation attempt using AutoBlue that resulted in a BSOD. Thu, 13 Nov 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) windowseasyms17-010eternalblue https://b3ta-blocker.github.io/blog/code https://b3ta-blocker.github.io/blog/code Compromise of a Linux HackTheBox machine by escaping a Python code editor sandbox via subclass traversal to obtain a reverse shell, extracting and cracking MD5 credentials from a SQLite database, then escalating privileges by abusing a sudo-permitted backup script with a crafted JSON payload to read the root flag. Wed, 06 Aug 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxhacktheboxeasypython-sandbox-escapepath-traversalprivilege-escalation https://b3ta-blocker.github.io/blog/codetwo https://b3ta-blocker.github.io/blog/codetwo Compromise of a Linux HackTheBox machine via a js2py sandbox escape (CVE-2024-28397) in a web-based JavaScript editor to gain a shell, followed by credential extraction from a SQLite database and privilege escalation by abusing sudo npbackup-cli to read the root flag. Wed, 27 Aug 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxjavascriptjs2pycve-2024-28397sandbox-escapereverse-shellprivilege-escalationEasyHackTheBoxMachine https://b3ta-blocker.github.io/blog/dog https://b3ta-blocker.github.io/blog/dog Compromise of a Linux HackTheBox machine by dumping an exposed Git repository to extract database credentials, logging into Backdrop CMS as admin, exploiting an authenticated unrestricted file upload vulnerability (CVE-2022-42092) for RCE, and escalating privileges via a sudo misconfiguration on the bee CLI tool. Thu, 17 Jul 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxhacktheboxeasygit-dumpercve-2022-42092file-uploadreverse-shellcredential-reusesudo-exploitationprivilege-escalation https://b3ta-blocker.github.io/blog/fluffy https://b3ta-blocker.github.io/blog/fluffy Compromise of a Windows HackTheBox Active Directory machine by exploiting CVE-2025-24071 via a malicious library-ms file to capture NTLM hashes via Responder, abusing GenericWrite permissions through BloodHound enumeration to perform Shadow Credential attacks, and escalating to Domain Admin by exploiting an ESC16 ADCS misconfiguration with Certipy. Thu, 10 Jul 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) windowshacktheboxeasyactive-directorycve-2025-24071privilege-escalation https://b3ta-blocker.github.io/blog/kioptrix https://b3ta-blocker.github.io/blog/kioptrix Compromise of a VulnHub Linux machine by enumerating an exposed Samba 2.2.1a service, identifying the trans2open buffer overflow vulnerability, and exploiting it via Metasploit to obtain a root shell directly. Fri, 24 Oct 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxvulnhubeasymachine https://b3ta-blocker.github.io/blog/knowledge_check https://b3ta-blocker.github.io/blog/knowledge_check Compromise of a Linux HackTheBox machine running GetSimple CMS, exploited through credential discovery in exposed data files, admin panel access, and a PHP reverse shell upload, followed by privilege escalation via a sudo misconfiguration on php binary. Mon, 25 Aug 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxhacktheboxeasyprivilege-escalation https://b3ta-blocker.github.io/blog/nibbles https://b3ta-blocker.github.io/blog/nibbles Compromise of a Linux HackTheBox machine running Nibbleblog 4.0.3, exploited through default credentials and an authenticated file upload vulnerability to gain a reverse shell, followed by privilege escalation by abusing a world-writable sudo script. Sat, 23 Aug 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxhacktheboxeasyfile-uploadreverse-shellmetasploitsudo-exploitationprivilege-escalationweb-exploitation https://b3ta-blocker.github.io/blog/soulmate https://b3ta-blocker.github.io/blog/soulmate Compromise of a Linux HackTheBox machine via CVE-2025-31161 authentication bypass on CrushFTP to gain admin access, followed by PHP reverse shell upload, credential extraction from a hardcoded Erlang script, and root flag retrieval through an exposed Erlang shell on port 2222. Sun, 21 Sep 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxMachineEasycve-2025-31161privilege-escalationHackTheBox