HacktheBox - Late Writeup
Late is an easy Hack The Box Linux machine with a Server Side Template Injection (SSTI) vulnerability in a text reader app, leading to Remote Code Execution as user svc_acc. Enumeration reveals a root-owned script triggered on SSH login/logout. Although the script can’t be edited, data can be appended, allowing a reverse shell to be added for root access.