Tag
john
2 items tagged “john”.
Writeups
MACHINE Linux
HackTheBox: Postman
An Easy Linux box: an unauthenticated Redis 4.x instance writes an SSH key into the redis user's authorized_keys for a foothold, an encrypted /opt/id_rsa.bak cracks to computer2008 to reach Matt via su, and Webmin 1.910 falls to CVE-2019-12840 command injection (running as root) for a root shell.
MACHINE Linux
HackTheBox: Helix
A Medium Linux box, abusing an exposed Apache NiFi instance for RCE through H2 SQL aliases, recovering an SSH key from a support bundle, then driving an OPC UA / ICS reactor over an SSH tunnel to open a privileged maintenance window and reach root.