HACKTHEBOX EASY
Kasemsh 2026  ·  Jan 31, 2026

facts

Facts is a medium-difficulty machine that revolves around exploiting a vulnerable CMS hosted on facts.htb. Initial enumeration reveals multiple exposed services, including a web application and SSH. The key to gaining access lies in a path traversal vulnerability within the CMS, allowing authenticated users to download sensitive files. By leveraging this flaw, we can retrieve the SSH private key for the 'trivia' user, crack it, and gain initial access. From there, we can escalate privileges using a misconfigured sudo permission on the 'facter' command.

Category
HackTheBox
Architecture
Windows
Protections
writeup_by
@Kasemsh
🔒
Protected Writeup
Enter the password to unlock this writeup.
Incorrect password.