https://b3ta-blocker.github.io/blog A hands-on hacking blog covering penetration testing walkthroughs by Hassaan Ali Bukhari. en-us root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) Wed, 27 Aug 2025 00:00:00 GMT https://b3ta-blocker.github.io/blog/codetwo https://b3ta-blocker.github.io/blog/codetwo Compromise of a Linux HackTheBox machine via a js2py sandbox escape (CVE-2024-28397) in a web-based JavaScript editor to gain a shell, followed by credential extraction from a SQLite database and privilege escalation by abusing sudo npbackup-cli to read the root flag. Wed, 27 Aug 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxjavascriptjs2pycve-2024-28397sandbox-escapereverse-shellprivilege-escalationEasyHackTheBoxMachine