infrahard

Pterodactyl

hackthebox

Task: HackTheBox Full Pwn machine with openSUSE Leap 15.6 and Pterodactyl Panel v1.11.10. Solution: Chain of three CVEs — LFI via pearcmd.php for RCE, PAM environment injection for polkit bypass, XFS resize race condition for SUID root shell.

$ ls tags/ techniques/

rce lfi linux suid hackthebox full-pwn opensuse pterodactyl-panel pearcmd bcrypt password-cracking udisks2 polkit pam xfs race-condition dbus libblockdev cve-2025-49132 cve-2025-6018 cve-2025-6019

pearcmd_lfi_to_rcebcrypt_hash_crackingpam_environment_injectionpolkit_allow_active_bypassxfs_resize_race_conditionxfs_db_inode_patchingsuid_root_via_nosuid_bypassdbus_filesystem_resize

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]