Editor is a Linux box hosting a code editor website, with documentation on an XWiki instance. I’ll exploit a vulnerability in XWiki’s Solr search that allows unauthenticated Groovy script injection to get remote code execution and a shell. From there, I’ll find database credentials in the XWiki Hibernate config and pivot to a user who reuses the password. Enumerating localhost services, I’ll find NetData running an older version that installs a vulnerable ndsudo SetUID binary that is vulnerable to PATH injection, which I’ll abuse to get root.

0xdf hacks stuff

A detailed walkthrough of exploiting a Linux machine running XWiki and NetData. The attack chain begins with exploiting CVE-2025-24893, an unauthenticated Groovy script injection vulnerability in XWiki's Solr search, to achieve remote code execution. After gaining initial access, database credentials are extracted from XWiki's Hibernate configuration and reused to pivot to a user account via SSH. The privilege escalation to root exploits CVE-2024-32019, a PATH injection vulnerability in NetData's ndsudo SetUID binary. The writeup includes reconnaissance techniques, exploit development, and an explanation of systemd's NoNewPrivileges security feature.

HTB: Editor