HTB Pterodactyl — Pterodactyl Panel LFI to Root via CVE-2025-6018/6019 PAM+udisks Chain

2026-03-01

#htb #hackthebox #ctf #CVE-2025-49132 #CVE-2025-6018 #CVE-2025-6019 #lfi #rce #pearcmd #pam #udisks #libblockdev #privilege-escalation #opensuse #xfs #suid

Walkthrough of HackTheBox Pterodactyl machine — from Pterodactyl Panel LFI via pearcmd RCE to root via chained PAM session spoofing and libblockdev XFS resize SUID mount bypass

[]

HTB Facts — Camaleon CMS Mass Assignment to Root

2026-02-28

#htb #hackthebox #ctf #camaleon-cms #mass-assignment #path-traversal #CVE-2025-2304 #CVE-2024-46987 #facter #privilege-escalation #ruby-on-rails

Walkthrough of HackTheBox Facts machine — from Camaleon CMS mass assignment to root via sudo facter custom facts

[]

HTB Interpreter — Mirth Connect RCE to Root via Flask eval() Injection

2026-02-28

#htb #hackthebox #ctf #mirth-connect #CVE-2023-43208 #xstream #deserialization #code-injection #pbkdf2 #privilege-escalation #flask #eval

Walkthrough of HackTheBox Interpreter machine — from Mirth Connect pre-auth XStream deserialization RCE to root via Flask eval() code injection

[]

HTB WingData — Wing FTP RCE to Root via Python tarfile Filter Bypass

2026-02-28

#htb #hackthebox #ctf #wingftp #CVE-2025-47812 #CVE-2025-4517 #tarfile #path-traversal #lua-injection #privilege-escalation #python

Walkthrough of HackTheBox WingData machine — from Wing FTP Server NULL byte Lua injection to root via Python tarfile filter=“data” PATH_MAX bypass

[]

Posts for: #Privilege-Escalation

HTB Pterodactyl — Pterodactyl Panel LFI to Root via CVE-2025-6018/6019 PAM+udisks Chain

HTB Facts — Camaleon CMS Mass Assignment to Root

HTB Interpreter — Mirth Connect RCE to Root via Flask eval() Injection

HTB WingData — Wing FTP RCE to Root via Python tarfile Filter Bypass