HackTheBox: Snoopy
A Linux box: an LFI on /download leaks the Bind9 TSIG key to hijack DNS and add a mail record, a Mattermost password reset is intercepted via Postfix, an SSH-honeypot plugin captures cbrown's creds, a sudo git apply symlink writes an SSH key for sbrown, and a ClamAV XXE (CVE-2023-20052) leaks root's SSH key.
Read 