HTB - Expressway Write-Up

Summary: Expressway is a Linux machine on Hack The Box that involves exploiting a weak Pre-Shared Key (PSK) in an IKEv1 VPN service to gain initial access. Privilege escalation is achieved by bypassing a flawed security policy in a custom sudo binary that relies on the system’s hostname. This write-up details the process from initial reconnaissance to gaining root privileges, concluding with remediation steps for the identified vulnerabilities.

Target IP Address: 10.10.11.87
Hostname: expressway.htb

Reconnaissance, TCP Port Scan: The initial reconnaissance phase began with a TCP port scan using nmap to identify open ports and running services. ...

08-11-2025 · 5 min · phucrio

HTB - IClean Write-Up

Summary: This write-up documents a full exploitation path for the HTB machine IClean.

Primary findings: information disclosure and web vulnerabilities led to user access via an SSTI/XSS chain; credentials from application code allowed database access; qpdf misconfiguration enabled root privilege escalation.

Goal: demonstrate methodology and reasoning (recon → enumeration → exploitation → privilege escalation → remediation).

Target Host: 10.10.11.12 (lab address)
Domain mapped locally: capiclean.htb

Reconnaissance: Start with a standard service/version scan: ...

17-09-2024 · 3 min · phucrio