Brainberg
Hack The Box Meetup #16: Orion
SecurityMeetupFreeOnline

Hack The Box Meetup #16: Orion

Sat 18 Jul · 07:00
< 50 attendees

About this event

Orion is a very easy Linux machine that features CSRF Validation Bypass and exploration of CraftCMS and Telnetd. The foothold includes achieving remote code execution by exploiting CVE-2025-32432 in a vulnerable version of CraftCMS. Then the default Craft environment variable file exposes the credentials for its MySQL database, which contains a crackable password. The password has been reused and leads to SSH access to the user on the machine. Finally, privilege escalation is achieved by finding and exploiting a vulnerable version of telnetd (CVE-2026-24061), allowing authentication bypass to root.

Source: meetup