HackTheBox - LinkVortex Writeup
LinkVortex is an easy Linux machine on Hack The Box that showcases symlink exploitation. It begins by dumping an exposed .git directory to access Ghost CMS, which is vulnerable to CVE-2023-40028. This flaw allows authenticated symlink uploads to read arbitrary files inside the container, exposing host credentials. Privilege escalation is achieved via a sudo script vulnerable to a chained symlink technique, leading to full root access.
April 28, 2025 1 min read ghost ghost-v5.58 ffuf-vhost git-dumper CVE-2023-40028 chained-symlink