sudo

Just completed Expressway on Hack The Box (Easy difficulty) – a solid box that blends weak IKE PSK cracking with a straightforward sudo privilege escalation!
Enumeration started with UDP scanning, which revealed ISAKMP on port 500. I ran ike-scan in Aggressive Mode to leak the peer identity ike@expressway.htb and capture crackable parameters. Next I used psk-crack against rockyou.txt and recovered the PSK freakingrockstarontheroad in under 13 seconds. I logged in via SSH as ike using that password and quickly grabbed user.txt.

For privilege escalation, sudo -l confirmed no rights for the ike user. Checking sudo -V showed version 1.9.17 vulnerable to CVE-2025-32463 (chwoot). I cloned the PoC repository on my attack machine, hosted sudo-chwoot.sh with a Python HTTP server, transferred it to the target using curl, made it executable, and ran it. The script printed “woot!” and dropped an instant root shell. From there I read root.txt.
Nice and clean chain: weak PSK for initial access followed by a known sudo vulnerability for root. Perfect easy box to sharpen IKE enumeration and Linux local exploitation skills.

#HackTheBox #CTF #PenetrationTesting #Cybersecurity #EthicalHacking #IKE #PSKCracking #PrivilegeEscalation #LinuxExploitation #CVE202532463 #RedTeam