This file provides a complete exploitation walkthrough for the "Outbound Mail" machine on Hack The Box (HTB). It covers initial VPN setup, reconnaissance, exploiting Roundcube Webmail via CVE-2025-49113 for remote code execution (RCE), privilege escalation to user via database credential extraction, and root escalation using CVE-2025-27591 (Below Symlink Attack).
1. Preparation & Recon
1.1 Connect to VPN
sudo openvpn --config /path/to/htb.ovpn
1.2 /etc/hosts Configuration
Add the host (replace IP if your instance is different):
echo "10.10.11.XXX mail.outbound.htb" | sudo tee -a /etc/hosts
2. Initial Enumeration
2.1 Nmap Scan
nmap -sC -sV -oN nmap.txt mail.outbound.htb
Open ports:
22 (SSH)
80 (HTTP)
🔐 MACHINE STILL ACTIVE
This machine is currently active on Hack The Box.
As per HTB policy, the complete walkthrough (exploitation & flags) will be published AFTER this machine is retired by HTB (~30-60 days after release).
In the meantime:
✓ Try solving it yourself!
✓ Come back when it's retired for the free solution
Keep grinding! 🎯

