Close
Menu

Infosec

Prompt Injection

Prompt Injections Primer (Part 1)

, , , , 0

Introduction

Large Language Models (LLMs) have transformed how modern applications interact with natural language—driving chatbots, agents, and decision engines across domains. However, their capacity to follow instructions is also their greatest liability. Prompt Injection (PI) attacks exploit this behavior, enabling adversaries to manipulate LLMs into disclosing sensitive data, altering workflows, or executing malicious actions by overriding the original system prompt with user injected prompt instructions.

As LLMs are increasingly integrated with tool-use capabilities, databases, and API endpoints, the risk surface expands beyond prompt misalignment into real-world compromise. This post explores the technical landscape of prompt injection, its attack vectors, real-world impact, and the current limits of defensive approaches. Notably, Prompt Injection (LLM01 in the upcoming LLM OWASP Top 10 for 2025) can be a root cause for other significant LLM vulnerabilities, including LLM02 – Sensitive Information Disclosure, LLM04 – Data and Model Poisoning, LLM06 – Excessive Agency, LLM07 – System Prompt Leakage, and LLM09 – Misinformation.

Read More
Deepseek R1 and RAG

Threat Modeling Using DeepSeek-R1 and RAG

, , , , , , , 0

Introduction

Intrigued by DeepSeek-R1’s reasoning capabilities, I wanted to explore its potential for automated security assessments. This simple project focuses on building a threat modeling tool (inspired by StrideGPT) using DeepSeek-R1 and RAG to analyze system architectures and generate structured threat models and attack trees.

This was a practical exercise in applying generative AI to security, tackling challenges like LLM limitations, retrieval optimization, and prompt engineering. The core goal was balancing accuracy, retrieval precision, and minimizing hallucinations to produce actionable security insights.

Read More
CRTP

CRTP Review – Certified Red Team Professional

, , , , , , , 0

Introduction

Certified Red Team Professional (CRTP) is an Active Directory-based red teaming certification. The course, titled “Attacking and Defending Active Directory: Beginner’s Edition,” serves as an introductory guide to understanding and executing Active Directory attacks and defenses. The course is taught by Nikhil Mittal. In this blog post, I will review the course and share my experience with the course materials, lab environment, and exam.

Read More
Manager Writeup from HackTheBox

Manager – HackTheBox Writeup

, , , , , , , , , , , , , , , , , 0

Machine Name: Manager
IP: 10.10.11.236
Difficulty: Medium

Summary

Manager is a medium difficulty machine that starts with enumerating usernames and password spraying them to login to MSSQL shell. The MSSQL shell was used to fetch a configuration file containing user credentials that were used to obtain the user shell. Privilege Escalation consisted of abusing the Active Directory Certificate Services (AD CS) misconfiguration to issue an administrator certificate that was used to obtain the TGT hash and authenticate as administrator.

Read More
CozyHosting Writeup

CozyHosting – HackTheBox Writeup

, , , , , , , , , , , , , , 0

Machine Name: CozyHosting
IP: 10.10.11.230
Difficulty: Easy

Summary

CozyHosting, an easy machine, initially involves understanding its SpringBoot application, discovered through a generic error page uncovered during directory enumeration. Further exploration revealed sensitive SpringActuator endpoints, leading to the acquisition of a session token belonging to user KAnderson. Leveraging this token facilitated the theft of the user’s session, providing access to the admin’s dashboard featuring an exploitable SSH configuration. Exploiting the SSH configuration vulnerability allowed for remote code execution (RCE) and subsequent acquisition of a shell. The next step involved decompiling a JAR file, uncovering plain-text database credentials that enabled access to the Postgres database. Within the database, user hashes were uncovered and subsequently cracked to unveil the user password, granting entry as Josh. Finally, privilege escalation was achieved through an SSH sudo misconfiguration, facilitating the acquisition of an interactive shell as root via SSH.

Read More
Appsanity Writeup from HackTheBox

AppSanity – HackTheBox Writeup

, , , , , , , , , , , , , 0

Machine Name: AppSanity
IP: 10.10.11.238
Difficulty: Hard

Summary

AppSanity is a hard difficulty machine that starts with subdomain enumeration and manipulation of the registration process. Utilizing JWT for session hijacking, the journey led to SSRF and finally gaining a user shell through bypassing file-type restrictions. For privilege escalation, analysis of the ExaminationManagement.dll revealed a registry key, providing user credentials. Reverse port forwarding via Chisel unveiled the service on port 100, enabling exploitation of DLL hijacking to escalate privileges and eventually access administrator shell and root flag.

Read More
Keeper Writeup

Keeper – HackTheBox Writeup

, , , , , , , , , , 0

Machine Name: Keeper
IP: 10.10.11.227
Difficulty: Easy

Summary

Keeper is an easy machine which starts with logging into a Request Tracker dashboard using default credentials and discovering SSH user credentials. A KeePass database file is discovered which is then cracked using the CVE-2023-32784. Although the credentials for root are obtained from the exploit, the password needs to be used along with a key to log into SSH. The key found is a putty key which needed to be converted to OpenSSH key format to log in as root.

Read More
Sau Writeup from HackTheBox

Sau – HackTheBox

, , , , , , , , , , 0

Machine Name: Sau
IP: 10.10.11.224
Difficulty: Easy

Summary

Sau is an easy machine that starts with discovering a port that runs Request Basket. The application is vulnerable to an SSRF which led to discovering the Mailtrail application running on port 8338 was being forwarded. The Mailtrail application was vulnerable to an unauthenticated command injection. The RCE was obtained by chaining the SSRF to redirect us to the vulnerable “/login” page where the payload was injected. Privilege Escalation involved abusing sudo right to run systemctl as root.

Read More
Writeup of Pilgrimage - HackTheBox

Pilgrimage – HackTheBox Writeup

, , , , , , , , , , , , , , , , , 0

Machine Name: Pilgrimage
IP: 10.10.11.219
Difficulty: Easy

Summary

Pilgrimage is an easy machine which starts with identifying the ImageMagick tool that the target web application uses to shrink images. The tool is vulnerable to Arbitrary File Reads which enable us to fetch the credentials from a database file. These credentials were used to SSH and gain a user shell. The privilege escalation consists of exploiting Binwalk that runs inside a cron script.

Read More
Writeup of Topology from HackTheBox

Topology – HackTheBox -Writeup

, , , , , , , , , , , 0

Machine Name: Topology
IP: 10.10.11.217
Difficulty: Easy

Summary

Topology is an easy machine which starts by exploiting LaTeX injection to read files on the server that contain password hashes. After cracking the password hash, it was possible to login via SSH and obtain the user flag. The privilege escalation consisted of enumerating for processes that are run by root. One of the processes being run by root executed “.plt” files in a particular folder to which the user had write permissions. Finally, it was a simple matter of looking up the documentation on running OS commands for that particular extension and use it to gain a shell as root.

Read More

Load More