HackTheBoxMedium
HackTheBox — Outbound
Chaining an authenticated RoundCube RCE exploit, MySQL session token harvesting with DES3 decryption, and a CVE-2025-27591 symlink attack via a world-writable log directory to reach root.
↓ scroll
// latest
Chaining an authenticated RoundCube RCE exploit, MySQL session token harvesting with DES3 decryption, and a CVE-2025-27591 symlink attack via a world-writable log directory to reach root.
Exploiting a web-accessible phpbash shell for initial access, then escalating via sudo to scriptmanager and abusing a cron-run Python script to land root.
Abusing anonymous FTP access to steal PRTG Network Monitor config files with backup credentials, then exploiting a PRTG command injection vulnerability (CVE-2018-9276) for SYSTEM shell.
// get in touch
Open to collaboration, bug bounty tips, CTF team invites, and security research opportunities.
tameenyt@gmail.com