Detailed, reproducible playbook-style walkthrough. Commands and payloads are given verbatim where safe - sensitive values and flags are redacted and shown as placeholders. Replace ATTACKER_IP and ports where noted.

Target Overview

Host: giveback.htb / 10.10.11.94 (internal lab) Attacker: 10.10.14.81 (replace with your IP)

High-Level Attack Chain Used:

  1. WordPress GiveWP PHP object injection → initial code execution (CVE-2024-5932)

  2. Leverage internal CMS / php-cgi parameter injection to get root shell (CVE-2024-4577)

  3. Use mounted Kubernetes service account token to enumerate secrets

  4. Decode credentials → SSH to user babywyrm

  5. Abuse sudo /opt/debug (runc wrapper) and craft an OCI bundle to read /root/root.txt

0 - Preparation on Attacker

Environment Setup

Add a convenient hosts entry (optional):

echo "10.10.11.94 giveback.htb" | sudo tee -a /etc/hosts

Why this matters: While you can work directly with the IP address, using the hostname makes commands more readable and matches the certificate/virtual host configuration that WordPress may require.

Open multiple terminal panes and keep listeners ready. Replace ATTACKER_IP below with your machine IP (e.g. 10.10.14.81).

Pro tip: Use tmux or screen to manage multiple shells simultaneously. You'll need at least three terminal windows: one for listeners, one for executing exploits, and one for notes/monitoring.

1 - Recon (Quick Commands)

Network Service Discovery

Nmap to discover services (example):

nmap -sV -A 10.10.11.94 -oA nmap/giveback

What to look for:

  • Port 80/443 (HTTP/HTTPS) running WordPress

  • Any unusual high-numbered ports that might indicate internal services

  • Version numbers of web servers (Apache, nginx) that might have known vulnerabilities

  • Response timing that suggests firewalls or IDS/IPS systems

🔐 MACHINE STILL ACTIVE

This machine is currently live on Hack The Box. As per HTB policy, the full walkthrough (exploitation steps & flags) will only be released after the machine is retired - usually 30–60 days after launch.

But why wait?

🚀 Unlock the Full Advantage

Get instant access to exclusive, in-depth writeups, early techniques, and premium guidance - all for just $1.5.

Membership

Members get:
Early access to detailed walkthroughs
Passwords for active machines
Advanced exploitation insights
Priority support when you’re stuck

An easy upgrade that gives you more clarity and confidence.

💬 Need help while solving?

I’ve got your back - reach out anytime:
Email: [email protected]

Keep hacking, keep learning, keep winning. 🎯

Keep Reading

© 2026 Andrés.
Report abusePrivacy policyTerms of use
beehiivPowered by beehiiv