This content originally appeared on DEV Community and was authored by Valera
Hi!
I finished working on a writeup of an interesting, albeit simple, Linux machine on the HackTheBox platform — “Sau”.
We exploit the “SSRF” vulnerability in the Request Basket service to gain access to the internal Maltrail IDS system. Then, via “OS Command Injection”, we gain access to the puma user, for whom sudo rights are insecurely configured, which ultimately leads to a complete compromise of the system.
In my writeup I described in detail how exactly “SSRF” and “Command Injection” work within this machine with step-by-step examples and explanations.
Link to the writeup here:
https://github.com/sonyahack1/HackTheBox/blob/main/HTB_Sau_Linux/HTB_Sau_Linux_05.03.2025.md
Friends, it is very important for me to receive feedback on my completed work. If you have noticed an error, incorrect wording in my report or simply an incorrect train of thought – please let me know in the form of feedback so that I can improve my skills in preparing reports and make them more informative and useful.