https://b3ta-blocker.github.io/blog A hands-on hacking blog covering penetration testing walkthroughs by Hassaan Ali Bukhari. en-us root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) Thu, 13 Nov 2025 00:00:00 GMT https://b3ta-blocker.github.io/blog/academy https://b3ta-blocker.github.io/blog/academy Linux machine compromise via FTP anonymous access and web CMS exploitation, followed by privilege escalation through cron misconfiguration leading to root access. Thu, 13 Nov 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxprivilege-escalationweb-exploitationreverse-shell https://b3ta-blocker.github.io/blog/artifical https://b3ta-blocker.github.io/blog/artifical Compromise of a Linux HackTheBox machine by uploading a malicious TensorFlow HDF5 model to exploit remote code execution, extracting and cracking MD5 credentials from a SQLite database, then escalating privileges by recovering a Bcrypt-hashed password from a Backrest backup archive and abusing the Backrest web UI to read the root flag. Tue, 22 Jul 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxhacktheboxeasytensorflowmalicious-modelprivilege-escalation https://b3ta-blocker.github.io/blog/blackpearl https://b3ta-blocker.github.io/blog/blackpearl Compromise of a Linux machine via DNS reconnaissance to discover a virtual host running Navigate CMS v2.8, exploited through an unauthenticated RCE vulnerability, followed by privilege escalation via a SUID misconfiguration on php7.3. Sun, 07 Dec 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxeasyvirtual-hostsuidprivilege-escalation https://b3ta-blocker.github.io/blog/butler https://b3ta-blocker.github.io/blog/butler Compromise of a Windows machine via Jenkins default credentials and Groovy script RCE, followed by privilege escalation through an unquoted service path vulnerability in the WiseBootAssistant service. Fri, 05 Dec 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) windowsjenkinsprivilege-escalation https://b3ta-blocker.github.io/blog/code https://b3ta-blocker.github.io/blog/code Compromise of a Linux HackTheBox machine by escaping a Python code editor sandbox via subclass traversal to obtain a reverse shell, extracting and cracking MD5 credentials from a SQLite database, then escalating privileges by abusing a sudo-permitted backup script with a crafted JSON payload to read the root flag. Wed, 06 Aug 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxhacktheboxeasypython-sandbox-escapepath-traversalprivilege-escalation https://b3ta-blocker.github.io/blog/codetwo https://b3ta-blocker.github.io/blog/codetwo Compromise of a Linux HackTheBox machine via a js2py sandbox escape (CVE-2024-28397) in a web-based JavaScript editor to gain a shell, followed by credential extraction from a SQLite database and privilege escalation by abusing sudo npbackup-cli to read the root flag. Wed, 27 Aug 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxjavascriptjs2pycve-2024-28397sandbox-escapereverse-shellprivilege-escalationEasyHackTheBoxMachine https://b3ta-blocker.github.io/blog/dev https://b3ta-blocker.github.io/blog/dev Compromise of a Linux machine via NFS enumeration, zip password cracking, and a BoltWire LFI vulnerability to obtain SSH credentials, followed by privilege escalation using a sudo zip GTFOBins exploit. Sun, 30 Nov 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxlfiprivilege-escalationboltwire https://b3ta-blocker.github.io/blog/devhub https://b3ta-blocker.github.io/blog/devhub DevHub is a Linux machine compromised via CVE-2026-23744, an unauthenticated RCE in MCPJam v1.4.2, followed by lateral movement through an exposed Jupyter Lab instance with a plaintext token, and privilege escalation via a hardcoded API key in an internal Flask service running as root. Mon, 15 Jun 2026 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) hacktheboxlinuxmediummcprcejupyterlateral-movementprivilege-escalation https://b3ta-blocker.github.io/blog/dog https://b3ta-blocker.github.io/blog/dog Compromise of a Linux HackTheBox machine by dumping an exposed Git repository to extract database credentials, logging into Backdrop CMS as admin, exploiting an authenticated unrestricted file upload vulnerability (CVE-2022-42092) for RCE, and escalating privileges via a sudo misconfiguration on the bee CLI tool. Thu, 17 Jul 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxhacktheboxeasygit-dumpercve-2022-42092file-uploadreverse-shellcredential-reusesudo-exploitationprivilege-escalation https://b3ta-blocker.github.io/blog/fluffy https://b3ta-blocker.github.io/blog/fluffy Compromise of a Windows HackTheBox Active Directory machine by exploiting CVE-2025-24071 via a malicious library-ms file to capture NTLM hashes via Responder, abusing GenericWrite permissions through BloodHound enumeration to perform Shadow Credential attacks, and escalating to Domain Admin by exploiting an ESC16 ADCS misconfiguration with Certipy. Thu, 10 Jul 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) windowshacktheboxeasyactive-directorycve-2025-24071privilege-escalation https://b3ta-blocker.github.io/blog/knowledge_check https://b3ta-blocker.github.io/blog/knowledge_check Compromise of a Linux HackTheBox machine running GetSimple CMS, exploited through credential discovery in exposed data files, admin panel access, and a PHP reverse shell upload, followed by privilege escalation via a sudo misconfiguration on php binary. Mon, 25 Aug 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxhacktheboxeasyprivilege-escalation https://b3ta-blocker.github.io/blog/nibbles https://b3ta-blocker.github.io/blog/nibbles Compromise of a Linux HackTheBox machine running Nibbleblog 4.0.3, exploited through default credentials and an authenticated file upload vulnerability to gain a reverse shell, followed by privilege escalation by abusing a world-writable sudo script. Sat, 23 Aug 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxhacktheboxeasyfile-uploadreverse-shellmetasploitsudo-exploitationprivilege-escalationweb-exploitation https://b3ta-blocker.github.io/blog/soulmate https://b3ta-blocker.github.io/blog/soulmate Compromise of a Linux HackTheBox machine via CVE-2025-31161 authentication bypass on CrushFTP to gain admin access, followed by PHP reverse shell upload, credential extraction from a hardcoded Erlang script, and root flag retrieval through an exposed Erlang shell on port 2222. Sun, 21 Sep 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxMachineEasycve-2025-31161privilege-escalationHackTheBox