📝 Description
This walkthrough details the exploitation of the HackTheBox machine Editor, which runs XWiki and contains a privilege escalation vector via ndsudo PATH hijacking. The steps cover enumeration, remote code execution (RCE), lateral movement, and privilege escalation to root.
1. Enumeration
Initial port scan:
nmap -p- -sV 10.10.11.80
Results:
22/tcp open ssh
80/tcp open http
8080/tcp open http
Port 80 redirects to editor.htb, and port 8080 is running XWiki 15.10.8.
🔐 MACHINE STILL ACTIVE
This machine is currently active on Hack The Box.
As per HTB policy, the complete walkthrough (exploitation & flags) will be published AFTER this machine is retired by HTB (~30-60 days after release).
In the meantime:
✓ Try solving it yourself!
✓ Come back when it's retired for the free solution
Keep grinding! 🎯

