<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Vulnerability - Category - Forensic wheels</title><link>https://polymathmonkey.github.io/weblog/categories/vulnerability/index.html</link><description/><generator>Hugo</generator><language>en-us</language><lastBuildDate>Fri, 26 Jun 2026 09:32:21 +0200</lastBuildDate><atom:link href="https://polymathmonkey.github.io/weblog/categories/vulnerability/index.xml" rel="self" type="application/rss+xml"/><item><title>HTB: Silentium</title><link>https://polymathmonkey.github.io/weblog/writeups/htbsilentium/index.html</link><pubDate>Sun, 14 Jun 2026 09:26:00 +0200</pubDate><guid>https://polymathmonkey.github.io/weblog/writeups/htbsilentium/index.html</guid><description>Note I put this writeup in my security research section, thats just for convince. Later on I will create a section for all my writeups to come.
Overview Attribute Value OS Linux Difficulty Easy Category Web + Privilege Escalation Key CVEs CVE-2026-40933, CVE-2025-8110 Techniques Auth Bypass, MCP RCE, Symlink Abuse, Git Hooks Silentium is a two-stage exploitation box combining web application authentication weaknesses with a privilege escalation chain through Git hook manipulation. The path to user involves bypassing Flowise authentication and exploiting an MCP (Model Context Protocol) server vulnerability. Root escalation leverages Gogs repository management running with elevated privileges.</description></item><item><title>HTB: DevHub</title><link>https://polymathmonkey.github.io/weblog/writeups/htbdevhub/index.html</link><pubDate>Mon, 22 Jun 2026 12:39:00 +0200</pubDate><guid>https://polymathmonkey.github.io/weblog/writeups/htbdevhub/index.html</guid><description>Overview Attribute Value OS Linux Difficulty Medium Category Web + Lateral Movement + PrivEsc Key CVEs CVE-2026-23744 Techniques RCE, API Abuse, Credential Exposure, WebSocket Manipulation DevHub is a medium-difficulty Linux machine centered around a developer toolchain: an MCPJam Inspector instance, a JupyterLab server, and an internal MCP operations service. The attack chain requires chaining three distinct vulnerabilities. An unauthenticated RCE in MCPJam Inspector, abuse of a JupyterLab API to achieve lateral movement, and credential exposure in an internal Flask service to escalate to root.</description></item><item><title>HTB: DevArea</title><link>https://polymathmonkey.github.io/weblog/writeups/htb-devarea/index.html</link><pubDate>Tue, 23 Jun 2026 12:00:00 +0200</pubDate><guid>https://polymathmonkey.github.io/weblog/writeups/htb-devarea/index.html</guid><description>Overview Attribute Value OS Linux Difficulty Medium Category Web + RCE + Privilege Escalation Key CVEs CVE-2022-46364, CVE-2024-45388 Techniques SSRF, RCE, JAR Decompilation, Defensive Shell Analysis DevArea is a medium-difficulty machine demonstrating the importance of chaining multiple vulnerabilities. Initial access requires exploiting an SSRF in Apache CXF to extract credentials, which then enable RCE on a Hoverfly Dashboard instance. The privilege escalation component shows how proper shell script hardening can make seemingly obvious exploits (plugin execution, PATH manipulation) completely ineffective.</description></item></channel></rss>