HackTheBox: Reset
An Easy Linux box: a password-reset endpoint leaks the new password, an admin-dashboard LFI plus Apache access.log poisoning via the User-Agent header gives a www-data shell, Rservices trust in /etc/hosts.equiv lets rlogin pivot to sadm, and a detached tmux session leaks the sudo password to escalate through nano's execute-command GTFOBin to root.
Read 