A medium Linux box from HackTheBox, get initial access through a vulnerable wordpress plugin, then get privesc to a full user through tar, and then find a backup script that unzips a file as root, allowing you to privesc to root by unzipping a malicious archive with a custom root-owned SUID executable.

A medium box from HackTheBox, get initial acces by finding leaked Azure DevOps credentials in a SVN repo’s commit history, then escalate privileges to a user account by cached passwords in the SVN config files on the victims PC, then get root by making a pipeline function in Azure DevOps that sends a reverse shell as nt authority\system.

A medium box from HackTheBox, get initial acces by finding leaked Azure DevOps credentials in a SVN repo’s commit history, then escalate privileges to a user account by cached passwords in the SVN config files on the victims PC, then get root by making a pipeline function in Azure DevOps that sends a reverse shell as nt authority\system.

A medium box from HackTheBox, get initial acces by finding leaked Azure DevOps credentials in a SVN repo’s commit history, then escalate privileges to a user account by cached passwords in the SVN config files on the victims PC, then get root by making a pipeline function in Azure DevOps that sends a reverse shell as nt authority\system.

A medium box from HackTheBox, use a vulnerability in a Drupal plugin to get initial access, then a kernel exploit for privesc.