HackTheBox: Editorial
An Easy Linux box where one SSRF cascades to root: a Cover URL field fetches internal services, an SSRF port scan finds an internal API on port 5000 leaking dev's SSH credentials, git history exposes the prod password, and a sudo GitPython script (CVE-2022-24439) runs an ext:: URL through sh for a root shell.