· 20 min hard Linux Holiday
HTB: Holiday
A Linux box combining SQL injection for credential extraction, stored XSS with aggressive filter bypass to steal an admin cookie, command injection through a character-restricted export endpoint, and sudo npm install for root.
#htb
#linux
#xss
#stored-xss +3
· 14 min easy Linux Bashed
HTB: Bashed
A developer leaves a PHP web shell in a publicly accessible directory, then compounds the mistake with a sudo misconfiguration and a root cron job reading from a user-writable directory. Three independent failures chain into full system compromise.
#htb
#linux
#webshell
#phpbash +1