📝 Description

This walkthrough details the exploitation of the HackTheBox machine Editor, which runs XWiki and contains a privilege escalation vector via ndsudo PATH hijacking. The steps cover enumeration, remote code execution (RCE), lateral movement, and privilege escalation to root.

1. Enumeration

Initial port scan:

nmap -p- -sV 10.10.11.80

Results:

22/tcp   open  ssh
80/tcp   open  http
8080/tcp open  http

Port 80 redirects to editor.htb, and port 8080 is running XWiki 15.10.8.
