THIS IS UNINTENDTED WAY which was patched later on
Noter was a Medium difficulty Linux box created by kavigihan. Initial Foothold was finding a weak signing key used to sign the session we can modify the session and get ourself VIP access using that we get the ftp credentials and we find a pdf containing hint for ftp admin credential. Logging as ftp_admin we get access to app backup.In backup we find /export_note_local route which take an markdown and export that as pdf. Using the we can get command injection and get access to the box as svc we can get privilege escalation using module injection in mysql.
Horizontall a easy linux box on Hackthebox created by author wail99, was all about finding CVEs and exploiting it.
Meta was a Medium difficulty Linux box created by Nauten. Initial foothold on the box was to find RCE in exiftool and uploading the modified image with payload to get a shell we get a shell as www-data. Running pspy we see an cron running every minute with a script running we upload a modified svg and we get a shell as user. Rooting the box was pretty simple with just modifying the XDF_CONFIG_HOME and running neofetch with sudo and we get a shell as root.