Bukhari's Archive

Bukhari's Archive https://b3ta-blocker.github.io/blog A hands-on hacking blog covering penetration testing walkthroughs by Hassaan Ali Bukhari. en-us root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) Thu, 13 Nov 2025 00:00:00 GMT https://b3ta-blocker.github.io/blog/academy Academy — Privilege Escalation & Exploitation Walkthrough (TCM Security) https://b3ta-blocker.github.io/blog/academy Linux machine compromise via FTP anonymous access and web CMS exploitation, followed by privilege escalation through cron misconfiguration leading to root access. Thu, 13 Nov 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxprivilege-escalationweb-exploitationreverse-shell https://b3ta-blocker.github.io/blog/codetwo CodePartTwo https://b3ta-blocker.github.io/blog/codetwo Compromise of a Linux HackTheBox machine via a js2py sandbox escape (CVE-2024-28397) in a web-based JavaScript editor to gain a shell, followed by credential extraction from a SQLite database and privilege escalation by abusing sudo npbackup-cli to read the root flag. Wed, 27 Aug 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxjavascriptjs2pycve-2024-28397sandbox-escapereverse-shellprivilege-escalationEasyHackTheBoxMachine https://b3ta-blocker.github.io/blog/dog Dog Machine (HackTheBox) — Step-by-Step Walkthrough https://b3ta-blocker.github.io/blog/dog Compromise of a Linux HackTheBox machine by dumping an exposed Git repository to extract database credentials, logging into Backdrop CMS as admin, exploiting an authenticated unrestricted file upload vulnerability (CVE-2022-42092) for RCE, and escalating privileges via a sudo misconfiguration on the bee CLI tool. Thu, 17 Jul 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxhacktheboxeasygit-dumpercve-2022-42092file-uploadreverse-shellcredential-reusesudo-exploitationprivilege-escalation https://b3ta-blocker.github.io/blog/nibbles Nibbles Machine (HackTheBox) — Step-by-Step Walkthrough https://b3ta-blocker.github.io/blog/nibbles Compromise of a Linux HackTheBox machine running Nibbleblog 4.0.3, exploited through default credentials and an authenticated file upload vulnerability to gain a reverse shell, followed by privilege escalation by abusing a world-writable sudo script. Sat, 23 Aug 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) linuxhacktheboxeasyfile-uploadreverse-shellmetasploitsudo-exploitationprivilege-escalationweb-exploitation