· Manuel López Pérez · writeups
WriteUp - Poison (HackTheBox)
Poison write-up (HackTheBox): simple FreeBSD machine that exploits LFI in browse.php to poison Apache logs and obtain RCE, extracts credentials from pwdbackup.txt, and escalates to root via VNC with leaked password.