HackTheBox: Imagery
A Medium Linux Flask box: a blind XSS in the bug-report form steals the admin session cookie; an admin-only arbitrary file read pulls source that reveals a hidden ImageMagick transform endpoint; command injection in the crop width parameter lands a web shell; an AES-encrypted backup is cracked to reveal mark's hash; and a sudo-privileged Charcol CLI schedules a root cron job that sets the SUID bit on bash.