Red Panda – HackTheBox Writeup
Machine Name: Red Panda
IP: 10.10.11.170
Difficulty: Easy
Summary
Red Panda is an easy machine (not really) that exploits SSTI in Java Spring Boot to get an RCE. To escalate privileges to root, enumeration of directories, permissions, identities, groups, processes, and files need to be chained together to exploit a file that runs as a cronjob as root. The main attack involves performing an XXE attack to gain access to the private key of root.
Read More