Platform: Hack The Box
Season: 9
Difficulty: Easy
OS: Linux
Date: 2025-10-29
Author: x4cc3
Editor is an Easy Linux machine with ports 22, 80, and 8080. JavaScript source on port 80 reveals a hidden XWiki instance on port 8080. XWiki SolrSearch has a Groovy SSTI vulnerability enabling RCE. Netdata's SUID ndsudo binary (CVE-2024-32019) is exploited via PATH hijacking for root.
| Port | Service |
|---|---|
| 22/tcp | SSH |
| 80/tcp | HTTP |
| 8080/tcp | XWiki |

Landing page on port 80

Directory enumeration
curl "http://10.10.11.80:8080/xwiki/bin/get/Main/SolrSearch?media=rss&text=...groovy_payload..."

XWiki version via /bin/get

CVE search results

Exploit PoC
The SolrSearch endpoint evaluated user-supplied Groovy code. A reverse shell payload was executed.
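As an added defender-side example (not part of the original writeup), this Python snippet scans constructed web-server access-log lines in combined format for requests to the SolrSearch endpoint whose `text` parameter carries XWiki Groovy macro syntax, which is the injection path described above; the client IP, timestamps and payload string in the sample log are constructed.

```python
"""Flag XWiki SolrSearch requests whose `text` parameter carries Groovy
macro syntax, the SSTI path used in the writeup. SAMPLE_LOG holds
constructed Apache/nginx combined-format lines for an offline run."""
import re
from urllib.parse import urlsplit, parse_qs, unquote

SOLR_PATH = "/xwiki/bin/get/Main/SolrSearch"
# XWiki scripting-macro marker; a normal search string never contains it.
MACRO_MARKERS = ("{{groovy",)

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

SAMPLE_LOG = """\
10.10.14.5 - - [29/Oct/2025:10:01:02 +0000] "GET /xwiki/bin/view/Main/ HTTP/1.1" 200 5120
10.10.14.5 - - [29/Oct/2025:10:01:09 +0000] "GET /xwiki/bin/get/Main/SolrSearch?media=rss&text=editor HTTP/1.1" 200 812
10.10.14.5 - - [29/Oct/2025:10:02:31 +0000] "GET /xwiki/bin/get/Main/SolrSearch?media=rss&text=%7B%7Bgroovy%7D%7Dx%7B%7B%2Fgroovy%7D%7D HTTP/1.1" 200 1440
"""


def macro_in_text(target):
    """Return the decoded `text` value if it carries a macro marker, else None."""
    url = urlsplit(target)
    if url.path != SOLR_PATH:
        return None
    for value in parse_qs(url.query).get("text", []):
        # parse_qs decodes once; unquote again to catch double-encoded input.
        decoded = unquote(value).lower()
        if any(marker in decoded for marker in MACRO_MARKERS):
            return decoded
    return None


def find_ssti_attempts(log_text):
    """Parse combined-format lines and collect SolrSearch requests with macro syntax."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        text = macro_in_text(m["target"])
        if text is not None:
            hits.append({"ip": m["ip"], "ts": m["ts"], "status": int(m["status"]), "text": text})
    return hits


if __name__ == "__main__":
    for hit in find_ssti_attempts(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} status={hit['status']} text={hit['text']!r}")
```

A 200 response on a flagged request means the macro reached the renderer, so such hosts should be checked for the XWiki fix and the request's source reviewed.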