Walkthrough of HackTheBox CCTV machine — from ZoneMinder default credentials and CVE-2024-51482 blind SQLi to root via motionEye’s HMAC-signed API command injection in on_event_start hooks
Posts for: #Hackthebox
HTB Pterodactyl — Pterodactyl Panel LFI to Root via CVE-2025-6018/6019 PAM+udisks Chain
Walkthrough of HackTheBox Pterodactyl machine — from Pterodactyl Panel LFI via pearcmd RCE to root via chained PAM session spoofing and libblockdev XFS resize SUID mount bypass
HTB Facts — Camaleon CMS Mass Assignment to Root
Walkthrough of HackTheBox Facts machine — from Camaleon CMS mass assignment to root via sudo facter custom facts
HTB Interpreter — Mirth Connect RCE to Root via Flask eval() Injection
Walkthrough of HackTheBox Interpreter machine — from Mirth Connect pre-auth XStream deserialization RCE to root via Flask eval() code injection
HTB WingData — Wing FTP RCE to Root via Python tarfile Filter Bypass
Walkthrough of HackTheBox WingData machine — from Wing FTP Server NULL byte Lua injection to root via Python tarfile filter="data" PATH_MAX bypass