Lab Portfolio

A collection of my Hack The Box writeups with brief summaries and links to full reports.

Lab: Make Sense

Completed the linux machine by utilizing: WordPress enumeration, stored XSS, browser automation abuse, Chrome DevTools Protocol exploitation, and OCR-to-PHP root code execution in a full end-to-end Linux compromise.

Lab: Paperwork

Compromised the “Paperwork” machine by exploiting a vulnerable legacy print service, pivoting through an internal printer-management interface, and chaining multiple misconfigurations to achieve full system access.

Lab: Vaccine

Compromised a Linux web server through a chained attack involving anonymous FTP, weak archive encryption, exposed PHP authentication Logic, MD5 password cracking, authenticate PostgreSQL SQL injection, credential reuse, and an unsafe sudo permission for 'vi'.

Lab Summaries

Vaccine Lab Summary

Completed the Hack The Box Vaccine machine in an authorized lab environment and documented the full attack chain from initial reconnaissance through root access.

The assessment began with service enumeration that identified anonymous FTP access and an exposed password-protected application backup. I extracted the archive hash with zip2john, recovered the password using John the Ripper, and reviewed the exposed PHP source code. The source revealed hardcoded authentication data and an MD5 password hash, which I cracked with Hashcat to access the administrative dashboard.

After authenticating, I identified a vulnerable search parameter and used Burp Suite and SQLMap to confirm PostgreSQL SQL injection. The database privileges allowed operating-system command execution, resulting in a reverse shell as the postgres user.

Post-exploitation enumeration revealed hardcoded database credentials that were reused for SSH access. I then identified an unsafe sudo permission allowing vi to run as root and used its shell functionality to obtain root access.

Skills Demonstrated
  • Network and service enumeration

  • Anonymous FTP assessment

  • Password-hash extraction and cracking

  • PHP source-code review

  • Web authentication analysis

  • Burp Suite request inspection

  • PostgreSQL SQL injection testing

  • Linux reverse-shell access

  • Credential-reuse analysis

  • SSH access and post-exploitation enumeration

  • Linux sudo privilege escalation

  • Vulnerability remediation and technical documentation

Tools Used

Nmap, FTP, zip2john, John the Ripper, Hashcat, Burp Suite, SQLMap, Netcat, SSH, and Linux command-line utilities.

LinkedIn and Resume

© 2024. All rights reserved.