HackTheBox – BigBang Machine Walkthrough (Hard Difficulty)
Chained exploitation through misconfigured web app and internal services. We started by exploiting a WordPress plugin vulnerability (CVE-2023-26326) to upload files, followed by a file read vulnerability (CVE-2024-2961) for remote code execution. From there, we cracked the database credentials, gained SSH access as the shawking user, and leveraged a vulnerable API endpoint to escalate to root. This highlights how overlooked configurations and service misconfigurations can lead to a full server compromise.
#CTF #PrivilegeEscalation #WebSecurity #CommandInjection #SSH #WordPress #LinuxPentesting #BugBounty #HackTheBox #RedTeam #CyberSecurity