HTB-Editor Machine writeup

Enumeration gave us a website at wiki.editorial.htb

The version for this was clearly visible:

Searching around I found an exploit : CVE-2025-24893

Following the instructions I got the shell.

Now came the hardest part finding the hibernate.xml file . This took me ages to find . But I finally found the creds so it was time to ssh and I found the user flag .

Now I tried using sudo -l but I didnt have privilages so I ran something that revealed there was a flawed netdata version running, which I found out after searching around and using netstat -ntul . It was running on port 19999.

Got an exploit using CVE-2024-32019 after searching around a little.

Following the steps given in the repo from here:

• compile the C file

• upload it using any method you have (I used scp )

• give execution permissions and make sure the executable runs this time .

In my ssh terminal for oliver I used :

chmod +x /tmp/nvme && PATH=/tmp:$PATH /opt/netdata/usr/libexec/netdata/plugins.d/ndsudo nvme-list

Which gave us the root terminal .

We then got the flay yay!!!

I felt like this box was hard till the user flag since finding the hibernate file was a nightmare, however the root took me longer only because I couldn’t get the exploit to work properly. Regardless this was a worthwhile box.

See you guys in the next one!!!