/tags/hackthebox/ Recent content in Hackthebox on Nitel's Red Logs Hugo -- gohugo.io en Mon, 12 Jan 2026 12:33:00 +0000 /posts/cicada/ Mon, 12 Jan 2026 12:33:00 +0000 /posts/cicada/ An easy-rated HTB Active Directory machine. The attack chain involves SMB guest enumeration, RID brute-forcing, password spraying, LDAP dumping, and finally abusing SeBackupPrivilege to extract the Administrator hash. /posts/updown/ Fri, 09 Jan 2026 23:42:00 +0000 /posts/updown/ <strong>UpDown</strong> is a medium Linux box where you chain an exposed <code>.git</code> repo, a custom header bypass, and a Phar wrapper LFI + file upload to get a shell. Root involves Python 2 <code>input()</code> injection on a SUID binary, then <code>easy_install</code> sudo abuse via GTFOBins. /posts/busqueda/ Thu, 08 Jan 2026 11:57:00 +0000 /posts/busqueda/ A walkthrough of HackTheBox Searcher — exploiting CVE-2023-43364 (Searchor 2.4.0 RCE) for initial access, then leveraging a path injection vulnerability in a privileged Python script to escalate to root.