Hack The Box: Alert
An easy-rated penetration test focused on web application vulnerabilities, combining XSS, local file inclusion, credential cracking, and privilege escalation through insecure file handling.
The Alert machine simulated a web application that processes user-supplied markdown files and internal monitoring data.
The goal was to identify weaknesses in input handling, file access controls, and internal tooling that could be chained together to gain full system access.
I began with standard service enumeration to identify exposed network services before focusing on application behavior.
Rather than targeting authentication directly, I analyzed how user-controlled content was rendered and shared within the application.
Each vulnerability discovery was treated as a pivot point to expand visibility into the system rather than an isolated exploit.
Performed extended Nmap scans to identify SSH and HTTP services
Enumerated web endpoints using FFUF to identify hidden functionality
Identified reflected and stored XSS through markdown rendering
Chained XSS with local file inclusion to exfiltrate sensitive files
Automated data exfiltration using JavaScript and a netcat listener
Extracted and cracked password hashes using Hashcat
Authenticated via SSH using recovered credentials
Enumerated local services to identify internal monitoring applications
This machine highlighted how client-side vulnerabilities can be weaponized to extract server-side data when combined with poor access controls.
Local file inclusion flaws significantly increase impact when paired with XSS-based exfiltration techniques.
Weak password hashing and exposed configuration files allowed lateral movement from web access to system access.
Symbolic link handling without proper validation created a clear path to privilege escalation.
Successfully chained XSS and LFI to extract sensitive system files.
Cracked user credentials and gained SSH access as a local user.
Escalated privileges by abusing symbolic link handling in a root-owned monitoring service.
Captured both user and root flags while reinforcing the importance of defense-in-depth in web applications.
This project is fully documented on GitHub, including notes, commits, and future ideas.