Published 1 week ago by Strikoder

HackTheBox – TwoMillion Walkthrough | API Enumeration, Command Injection & Kernel Privesc

This retired HTB machine covers web application analysis, API exploitation, and Linux kernel privilege escalation techniques.

Initial Access: API Enumeration & Command Injection
Deobfuscating JavaScript to discover hidden API endpoints, then exploiting improper input validation in the admin API to achieve command injection and gain an initial foothold on the system.

Privilege Escalation: Kernel Exploit
Leveraging CVE-2023-0386 (OverlayFS) to escalate privileges from standard user to root. This FUSE-based vulnerability allows unprivileged users to gain full system access.

Key Techniques Covered:
- JavaScript deobfuscation and analysis
- REST API enumeration and testing
- Command injection via vulnerable parameters
- Linux kernel exploitation (CVE-2023-0386)
- GTFOBins techniques for privilege escalation

Timestamps:
00:00 - Intro & Target Overview
01:15 - Enum
10:42 - JS Deobfuscation
18:34 - API & Auth Enum
37:59 - Exploitation
41:52 - Privilege Escalation