https://b3ta-blocker.github.io/blog A hands-on hacking blog covering penetration testing walkthroughs by Hassaan Ali Bukhari. en-us root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) Thu, 13 Nov 2025 00:00:00 GMT https://b3ta-blocker.github.io/blog/academy https://b3ta-blocker.github.io/blog/academy Linux machine compromise via FTP anonymous access and web CMS exploitation, followed by privilege escalation through cron misconfiguration leading to root access. Thu, 13 Nov 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxprivilege-escalationweb-exploitationreverse-shell https://b3ta-blocker.github.io/blog/artifical https://b3ta-blocker.github.io/blog/artifical Compromise of a Linux HackTheBox machine by uploading a malicious TensorFlow HDF5 model to exploit remote code execution, extracting and cracking MD5 credentials from a SQLite database, then escalating privileges by recovering a Bcrypt-hashed password from a Backrest backup archive and abusing the Backrest web UI to read the root flag. Tue, 22 Jul 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxhacktheboxeasytensorflowmalicious-modelprivilege-escalation https://b3ta-blocker.github.io/blog/blackpearl https://b3ta-blocker.github.io/blog/blackpearl Compromise of a Linux machine via DNS reconnaissance to discover a virtual host running Navigate CMS v2.8, exploited through an unauthenticated RCE vulnerability, followed by privilege escalation via a SUID misconfiguration on php7.3. Sun, 07 Dec 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxeasyvirtual-hostsuidprivilege-escalation https://b3ta-blocker.github.io/blog/code https://b3ta-blocker.github.io/blog/code Compromise of a Linux HackTheBox machine by escaping a Python code editor sandbox via subclass traversal to obtain a reverse shell, extracting and cracking MD5 credentials from a SQLite database, then escalating privileges by abusing a sudo-permitted backup script with a crafted JSON payload to read the root flag. Wed, 06 Aug 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxhacktheboxeasypython-sandbox-escapepath-traversalprivilege-escalation https://b3ta-blocker.github.io/blog/codetwo https://b3ta-blocker.github.io/blog/codetwo Compromise of a Linux HackTheBox machine via a js2py sandbox escape (CVE-2024-28397) in a web-based JavaScript editor to gain a shell, followed by credential extraction from a SQLite database and privilege escalation by abusing sudo npbackup-cli to read the root flag. Wed, 27 Aug 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxjavascriptjs2pycve-2024-28397sandbox-escapereverse-shellprivilege-escalationEasyHackTheBoxMachine https://b3ta-blocker.github.io/blog/dev https://b3ta-blocker.github.io/blog/dev Compromise of a Linux machine via NFS enumeration, zip password cracking, and a BoltWire LFI vulnerability to obtain SSH credentials, followed by privilege escalation using a sudo zip GTFOBins exploit. Sun, 30 Nov 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxlfiprivilege-escalationboltwire https://b3ta-blocker.github.io/blog/devhub https://b3ta-blocker.github.io/blog/devhub DevHub is a Linux machine compromised via CVE-2026-23744, an unauthenticated RCE in MCPJam v1.4.2, followed by lateral movement through an exposed Jupyter Lab instance with a plaintext token, and privilege escalation via a hardcoded API key in an internal Flask service running as root. Mon, 15 Jun 2026 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) hacktheboxlinuxmediummcprcejupyterlateral-movementprivilege-escalation https://b3ta-blocker.github.io/blog/dog https://b3ta-blocker.github.io/blog/dog Compromise of a Linux HackTheBox machine by dumping an exposed Git repository to extract database credentials, logging into Backdrop CMS as admin, exploiting an authenticated unrestricted file upload vulnerability (CVE-2022-42092) for RCE, and escalating privileges via a sudo misconfiguration on the bee CLI tool. Thu, 17 Jul 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxhacktheboxeasygit-dumpercve-2022-42092file-uploadreverse-shellcredential-reusesudo-exploitationprivilege-escalation https://b3ta-blocker.github.io/blog/kioptrix https://b3ta-blocker.github.io/blog/kioptrix Compromise of a VulnHub Linux machine by enumerating an exposed Samba 2.2.1a service, identifying the trans2open buffer overflow vulnerability, and exploiting it via Metasploit to obtain a root shell directly. Fri, 24 Oct 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxvulnhubeasymachine https://b3ta-blocker.github.io/blog/knowledge_check https://b3ta-blocker.github.io/blog/knowledge_check Compromise of a Linux HackTheBox machine running GetSimple CMS, exploited through credential discovery in exposed data files, admin panel access, and a PHP reverse shell upload, followed by privilege escalation via a sudo misconfiguration on php binary. Mon, 25 Aug 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxhacktheboxeasyprivilege-escalation https://b3ta-blocker.github.io/blog/nibbles https://b3ta-blocker.github.io/blog/nibbles Compromise of a Linux HackTheBox machine running Nibbleblog 4.0.3, exploited through default credentials and an authenticated file upload vulnerability to gain a reverse shell, followed by privilege escalation by abusing a world-writable sudo script. Sat, 23 Aug 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxhacktheboxeasyfile-uploadreverse-shellmetasploitsudo-exploitationprivilege-escalationweb-exploitation https://b3ta-blocker.github.io/blog/soulmate https://b3ta-blocker.github.io/blog/soulmate Compromise of a Linux HackTheBox machine via CVE-2025-31161 authentication bypass on CrushFTP to gain admin access, followed by PHP reverse shell upload, credential extraction from a hardcoded Erlang script, and root flag retrieval through an exposed Erlang shell on port 2222. Sun, 21 Sep 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxMachineEasycve-2025-31161privilege-escalationHackTheBox