Tag
sudo
2 items tagged “sudo”.
Writeups
MACHINE Linux
HackTheBox: Editorial
An Easy Linux box where one SSRF cascades to root: a Cover URL field fetches internal services, an SSRF port scan finds an internal API on 5000 leaking dev's SSH credentials, git history exposes the prod password, and a sudo GitPython script (CVE-2022-24439) runs an ext:: URL through sh for a root shell.
MACHINE Linux
HackTheBox: Imagery
A Medium Linux Flask box: a blind XSS in the bug-report form steals the admin session cookie, an admin arbitrary-file-read pulls source revealing a hidden ImageMagick transform endpoint, command injection in the crop width lands a web shell, an AES-encrypted backup cracks to reveal mark's hash, and a sudo-privileged Charcol CLI schedules a root cron to SUID bash.