Share
## https://sploitus.com/exploit?id=4542ED4F-2D5B-5A5A-97BA-0EFB5FA7D711
๐ก๏ธ Hack The Box - Enigma Findings Report
๐ Overview
This repository contains a comprehensive penetration test report for the Hack The Box machine Enigma.
๐ Key Findings
* Insecure NFS Share Exposing Onboarding Documents - Medium Severity
* Internal Credential Disclosure via Unencrypted Email Content - Medium Severity
* Password Reuse Across Employee IMAPS Accounts - High Severity
* OpenSTAManager Authenticated OS Command Injection (CVE-2025-69212) - Critical Severity
* Plaintext Database Credentials in Web Application Config - Medium Severity
* Weak User Password Enabling Offline Hash Cracking - High Severity
* OliveTin Unauthenticated Root Automation - Argument-Type Command Injection - Critical Severity
* User flag captured on host `haris`
* Root flag captured via SUID `/bin/bash` dropped through OliveTin command injection
๐ ๏ธ Frameworks Used
* PentNote - Automated documentation - https://github.com/A1GCH-afk/PentNote
* MITRE ATT&CK - T1039, T1552.001, T1114, T1110.003, T1078, T1190, T1552.003, T1110.002, T1021, T1543.003, T1548, T1548.001, T1005
* NSA D3FEND - D3-PA, D3-SVCP, D3-OTP, D3-SPP, D3-CWAM, D3-MA, D3-NTA
๐งฐ Tools & Scripts Referenced
* **Hydra** - password spraying against the IMAPS service
* **Custom Python IMAPS script** - mailbox enumeration over `imaplib.IMAP4_SSL` (port 993)
* **CVE-2025-69212 PoC** (`BridgerAlderson/CVE-2025-69212-PoC`, `exploit.py`) - OpenSTAManager OS command injection
* **LinPEAS** - local privilege escalation enumeration (run twice: once as `www-data`, once as `haris`)
* **Hashcat / John the Ripper** - offline bcrypt hash cracking
* **curl** - crafting the OliveTin `StartAction` API request for the final command injection
๐ Full Report : Will be published after HTB permit to.
--- Not Published Yet --- View the complete report: [Enigma.md](https://github.com/mmoobbeeiidat-design/Hack-The-Box-Enigma-Findings-Report/blob/main/Enigma.md)