🛡️365 Days of Hacking🛡️
🔒 Day [131]

🧩 Machine: [Nineveh-HTB]
🌟 Difficulty: [Medium]

🔍 Summary: [Exploited 'phpLiteAdmin' for a writing webshell, then LFI in other site, for the RCE. Steg on an image, for pivoting to other user. Cron job 'chkroot' for root.]

🛡️365 Days of Hacking🛡️
🔒 Day [130]

🧩 Machine: [Apocalyst-HTB]
🌟 Difficulty: [Medium]

🔍 Summary: ['Cewl' for custom wordlist, for dirbusting, found an image. Then, pwd list from that img, with 'steghide', bruteforced wp-admin login, shell. Root, writeable /etc/passwd.]

🛡️365 Days of Hacking🛡️
🔒 Day [129]

🧩 Machine: [Haircut-HTB]
🌟 Difficulty: [Medium]

🔍 Summary: [Found PHP site using cURL on given URL. Wrote webshell via injection for code execution. SUID, set on vulnerable version of 'Screen', for root access.]

🛡️365 Days of Hacking🛡️
🔒 Day [128]

🧩 Machine: [Celestial-HTB]
🌟 Difficulty: [Medium]

🔍 Summary: ['Node.js Express framework' on port 3000. Deserialization vulnerability (CVE-2017-5941) led to shell. Root cron was running a Python script owned by me.]

🛡️365 Days of Hacking🛡️
🔒 Day [127]

🧩 Machine: [Popcorn-HTB]
🌟 Difficulty: [Medium]

🔍 Summary: ['Torrent Hoster' instance allowed shell via PHP one-liner which was uploaded by manipulating file extension. CVE-2010-0832 led to direct root access.]

🛡️365 Days of Hacking🛡️
🔒 Day [126]

🧩 Machine: [Mailing-HTB]
🌟 Difficulty: [Easy]

🔍 Summary: [404 - Not Found]

🛡️365 Days of Hacking🛡️
🔒 Day [125]

🧩 Machine: [Time-HTB]
🌟 Difficulty: [Medium]

🔍 Summary: [JSON parser web app, based on Java, CVE-2019-12384 through error messages. Exploited JSON deserialization vulnerability for shell. Script running as root, world-writable.]

🛡️365 Days of Hacking🛡️
🔒 Day [124]

🧩 Machine: [Passage-HTB]
🌟 Difficulty: [Medium]

🔍 Summary: [RCE in 'CuteNews' got me shell. Found user passwd hash for SSH. Shared SSH key with another user, helped pivot. For root, exploited USBCreator, ran sudo without knowing passwd.]

🛡️365 Days of Hacking🛡️
🔒 Day [123]

🧩 Machine: [Trick-HTB]
🌟 Difficulty: [Easy]

🔍 Summary: [Found many vhosts after enumeration. LFI in one exposed SSH key. (Multiple ways to gain shell access). Had sudo privilege for 'fail2ban' without password for root.]

🛡️365 Days of Hacking🛡️
🔒 Day [122]

🧩 Machine: [Bastard-HTB]
🌟 Difficulty: [Medium]

🔍 Summary: [Windows machine, running Drupal 7, vulnerable to RCE known as 'Drupalgeddon2'. After getting shell, used a kernel exploit 'MS15-051', leading to NT AUTHORITY\SYSTEM.]

🛡️365 Days of Hacking🛡️
🔒 Day [121]

🧩 Machine: [Meta-HTB]
🌟 Difficulty: [Medium]

🔍 Summary: [Found subdomain, running 'exiftool' on uploaded images, which was vulnerable to code execution. Cron, running 'Mogrify', also vulnerable to code injection. Sudo-NoPasswd-NeoFetch.]

🛡️365 Days of Hacking🛡️
🔒 Day [120]

🧩 Machine: [Poison-HTB]
🌟 Difficulty: [Medium]

🔍 Summary: [LFI and log poisoning led to RCE. Found a base64-encoded SSH password in the shell. VNC running locally as root on the machine, so connected to it after tunneling.]

🛡️365 Days of Hacking🛡️
🔒 Day [119]

🧩 Machine: [Heist-HTB]
🌟 Difficulty: [Easy]

🔍 Summary: [Cisco config with password hashes and users on site. One worked for RPC. Users found by SID bruting, leading to WinRM session. ProcDump, Dumped Firefox process memory for admin.]

🛡️365 Days of Hacking🛡️
🔒 Day [118]

🧩 Machine: [Bounty-HTB]
🌟 Difficulty: [Easy]

🔍 Summary: [While enumerating, found an upload form. RCE by uploading ASP code with some tricks. Then, escalated privileges to administrator using the 'ms10_092_schelevator' Kernel Exploit.]

🛡️365 Days of Hacking🛡️
🔒 Day [117]

🧩 Machine: [Help-HTB]
🌟 Difficulty: [Easy]

🔍 Summary: [Found credentials during enumeration of the 'GraphQL' endpoint, used for 'HelpDeskZ' login. Authenticated SQLi exposed SSH credentials, followed by kernel exploit for root.]

🛡️365 Days of Hacking🛡️
🔒 Day [116]

🧩 Machine: [Admirer-HTB]
🌟 Difficulty: [Easy]

🔍 Summary: [Found 'Admirer' running via FTP backup, FTP credentials through dirbusting. In 'Admirer', read the SSH pass from source code. Abused Sudo, Python library hijack.]

🛡️365 Days of Hacking🛡️
🔒 Day [115]

🧩 Machine: [Sunday-HTB]
🌟 Difficulty: [Easy]

🔍 Summary: [Enumerated users via 'Finger' Service, logged in with guessed SSH password. Cracked password hashes from backup files. Had sudo permission to run 'wget'.]

🛡️365 Days of Hacking🛡️
🔒 Day [114]

🧩 Machine: [Runner-HTB]
🌟 Difficulty: [Medium]

🔍 Summary: [404 - Not Found]
hackthebox.com/achievement/ma…

🛡️365 Days of Hacking🛡️
🔒 Day [113]

🧩 Machine: [Magic-HTB]
🌟 Difficulty: [Medium]

🔍 Summary: [Bypassed login with SQLi, uploaded PHP shell bypassing extension filtering. Found user passwords in the DB. SUID binary calling 'popen' without full path, hijacked path for root.]

🛡️365 Days of Hacking🛡️
🔒 Day [112]

🧩 Machine: [Curling-HTB]
🌟 Difficulty: [Easy]

🔍 Summary: [HTML comment in Joomla site revealed user password. Accessed admin panel, uploaded webshell for shell. Exploited cron for root access.]