· 16 min medium Linux Apocalyst
HTB: Apocalyst
A steganographic wordlist hidden in a WordPress uploads image provides the admin password through brute-force, then a world-readable .secret file and LXD group membership deliver root via container escape.
#htb
#linux
#wordpress
#steganography +2
· 16 min medium Linux TenTen
HTB: TenTen
A WordPress Job Manager plugin leaks uploaded file names through predictable post IDs, revealing a steganographic image that hides an encrypted SSH key. A misconfigured sudo rule on /bin/fuckin completes the chain to root.
#htb
#linux
#wordpress
#steganography +2