Blog | bravosec

https://blog.bravosec.net/Blog | bravosecWriteups and articles for Hack The Box, Try Hack Me, CTF, Penetration Testing, Red Team Training, Cyber Security related stuff. 2026-05-23T23:47:16-08:00 Fate Walker https://blog.bravosec.net/ Jekyll © 2026 Fate Walker /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png HackTheBox Writeup - Soulmate2025-11-04T01:49:55-08:00 2026-05-18T00:40:32-08:00 https://blog.bravosec.net/posts/HackTheBox-Writeup-Soulmate/ Fate Walker

Soulmate is an easy difficulty Linux machine that showcases exploitation of CVE-2025-31161, an authentication bypass vulnerability in CrushFTP, allowing players to access an admin user account. By uploading a malicious PHP file to the application’s web root, remote command execution is achieved. For privilege escalation, CVE-2025-32433, another remote command execution vulnerability in the Erla...

HackTheBox Writeup - Conversor2025-10-27T16:10:18-08:00 2026-05-08T22:54:12-08:00 https://blog.bravosec.net/posts/HackTheBox-Writeup-Conversor/ Fate Walker

Conversor is an easy-difficulty Linux machine featuring a web application that converts XML documents into visually formatted HTML documents using XSLT stylesheets. By registering an account and reviewing the downloadable source code, we discover that the application processes user-supplied XSLT files without proper sanitisation, leading to an XSLT injection vulnerability. This allows us to wri...

HackTheBox Writeup - Signed2025-10-17T02:16:44-08:00 2026-05-08T22:54:12-08:00 https://blog.bravosec.net/posts/HackTheBox-Writeup-Signed/ Fate Walker

Signed is a medium-difficulty Windows machine that demonstrates the exploitation of an MSSQL server by extracting the NTLMv2 hash of the service account running the instance and cracking the hash to obtain its password. This enables the issuance of silver tickets for user impersonation and service access. The domain is then enumerated via the MSSQL instance to gather the necessary information t...

HackTheBox Writeup - DarkZero2025-10-05T20:38:20-08:00 2025-10-05T20:38:20-08:00 https://blog.bravosec.net/posts/HackTheBox-Writeup-DarkZero/ Fate Walker

Recon Hosts pt command is a custom pentest framework to manage hosts and variables, it is not required to reproduce the steps in this writeup ┌──(bravosec㉿fsociety)-[~/htb/DarkZero] └─$ pt init '10.10.11.89 DC01.darkzero.htb darkzero.htb DC01' +----------+--------+-------------+-------------------+ | PROFILE | STATUS | IP | DOMAIN | +----------+--------+------------...

HackTheBox Writeup - Imagery2025-09-30T04:22:18-08:00 2026-05-08T22:54:12-08:00 https://blog.bravosec.net/posts/HackTheBox-Writeup-Imagery/ Fate Walker

Imagery is a medium-difficulty Linux machine that involves gaining admin access via exploiting a blind XSS. With admin privileges, the attacker exploits arbitrary file read to read sensitive files and source code. By reading the web app’s source code, the attacker discovers a feature that allows them to modify/transform an image, thereby making it vulnerable to remote code execution. After gain...