Red Panda – HackTheBox Writeup

Machine Name: Red Panda
Difficulty: Easy


Red Panda is an easy machine (not really) that exploits SSTI in Java Spring Boot to get an RCE. To escalate privileges to root, enumeration of directories, permissions, identities, groups, processes, and files need to be chained together to exploit a file that runs as a cronjob as root. The main attack involves performing an XXE attack to gain access to the private key of root.

Read More