<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Writeups - Forensic wheels</title><link>https://polymathmonkey.github.io/weblog/writeups/index.html</link><description>writeups for all kinds of stuff</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Fri, 26 Jun 2026 09:32:21 +0200</lastBuildDate><atom:link href="https://polymathmonkey.github.io/weblog/writeups/index.xml" rel="self" type="application/rss+xml"/><item><title>HTB: Silentium</title><link>https://polymathmonkey.github.io/weblog/writeups/htbsilentium/index.html</link><pubDate>Sun, 14 Jun 2026 09:26:00 +0200</pubDate><guid>https://polymathmonkey.github.io/weblog/writeups/htbsilentium/index.html</guid><description>Note I put this writeup in my security research section, thats just for convince. Later on I will create a section for all my writeups to come.
Overview Attribute Value OS Linux Difficulty Easy Category Web + Privilege Escalation Key CVEs CVE-2026-40933, CVE-2025-8110 Techniques Auth Bypass, MCP RCE, Symlink Abuse, Git Hooks Silentium is a two-stage exploitation box combining web application authentication weaknesses with a privilege escalation chain through Git hook manipulation. The path to user involves bypassing Flowise authentication and exploiting an MCP (Model Context Protocol) server vulnerability. Root escalation leverages Gogs repository management running with elevated privileges.</description></item><item><title>HTB: DevHub</title><link>https://polymathmonkey.github.io/weblog/writeups/htbdevhub/index.html</link><pubDate>Mon, 22 Jun 2026 12:39:00 +0200</pubDate><guid>https://polymathmonkey.github.io/weblog/writeups/htbdevhub/index.html</guid><description>Overview Attribute Value OS Linux Difficulty Medium Category Web + Lateral Movement + PrivEsc Key CVEs CVE-2026-23744 Techniques RCE, API Abuse, Credential Exposure, WebSocket Manipulation DevHub is a medium-difficulty Linux machine centered around a developer toolchain: an MCPJam Inspector instance, a JupyterLab server, and an internal MCP operations service. The attack chain requires chaining three distinct vulnerabilities. An unauthenticated RCE in MCPJam Inspector, abuse of a JupyterLab API to achieve lateral movement, and credential exposure in an internal Flask service to escalate to root.</description></item><item><title>HTB: Sherlock: KitsuneHook</title><link>https://polymathmonkey.github.io/weblog/writeups/htb-sherlock-winnti/index.html</link><pubDate>Tue, 23 Jun 2026 00:00:00 +0200</pubDate><guid>https://polymathmonkey.github.io/weblog/writeups/htb-sherlock-winnti/index.html</guid><description>Overview Attribute Value Challenge Type Sherlock (Investigation) Difficulty Medium Focus Threat Intelligence &amp; OSINT Key Techniques Vendor Attribution, Malware Analysis, Cluster Correlation Status COMPLETED The investigation starts with a cold lead (“Winnti behind this”) and requires classic OSINT: vendor reports, GitHub source analysis, conference presentations, and leaked data correlation.
Scenario &amp; Investigation Approach You’re a Threat Intelligence Analyst with a new assignment: all you know is that Winnti is behind this mess. Your organization has detected suspicious activity targeting manufacturing and energy companies, and the SOC needs answers fast.</description></item><item><title>HTB: DevArea</title><link>https://polymathmonkey.github.io/weblog/writeups/htb-devarea/index.html</link><pubDate>Tue, 23 Jun 2026 12:00:00 +0200</pubDate><guid>https://polymathmonkey.github.io/weblog/writeups/htb-devarea/index.html</guid><description>Overview Attribute Value OS Linux Difficulty Medium Category Web + RCE + Privilege Escalation Key CVEs CVE-2022-46364, CVE-2024-45388 Techniques SSRF, RCE, JAR Decompilation, Defensive Shell Analysis DevArea is a medium-difficulty machine demonstrating the importance of chaining multiple vulnerabilities. Initial access requires exploiting an SSRF in Apache CXF to extract credentials, which then enable RCE on a Hoverfly Dashboard instance. The privilege escalation component shows how proper shell script hardening can make seemingly obvious exploits (plugin execution, PATH manipulation) completely ineffective.</description></item></channel></rss>