HackTheBox - Paper Writeup
Paper is an easy Hack The Box Linux machine running Apache on ports 80 and 443. A hidden virtual host reveals a vulnerable WordPress blog susceptible to CVE-2019-17671, allowing access to sensitive draft content. A discovered link leads to a Rocket.Chat instance, where bot interaction leaks system credentials. SSH access is obtained, and privilege escalation is achieved by exploiting a vulnerable version of sudo via CVE-2021-3560, resulting in root access.
CVE-2019-17671 CVE-2021-3560 polkit linpeas gobuster wordpress hubot