git

  • 11th January 2026

Editorial writeup

writeupshack-the-boxlinuxgitcveprivilege-escalation

Editorial is a Linux box that involves SSRF exploitation, internal port enumeration, git credential extraction, and privilege escalation via a GitPython vulnerability (CVE‑2023‑41040). We will discover an SSRF vulnerability in a book cover upload feature, use it to scan internal ports, retrieve API credentials, access a git repository to find production user credentials, and exploit a vulnerable sudo‑allowed Python script to gain root access.

Read more 
  • 24th December 2025

LinkVortex writeup

writeupshack-the-boxlinuxsubdomain-enumerationgitcve

LinkVortex is a Linux box that involves subdomain enumeration and source‑code disclosure via a .git directory. We will reuse hardcoded credentials, exploit a Ghost CMS arbitrary file read (CVE‑2023‑40028) to obtain SSH credentials, and escalate privileges through environment variable manipulation in a custom script.

Read more 
  • 20th December 2025

Dog writeup

writeupshack-the-boxlinuxbackdrop-cmsgitcredential-reuseprivilege-escalation

Dog is a Linux box featuring a Backdrop CMS web application. We will exploit source‑code disclosure via a publicly accessible .git directory, reuse MySQL credentials to gain user access, and escalate privileges through a custom bee binary that allows arbitrary command execution via its eval functionality.

Read more