This write-up dives into the HackTheBox “Editor” Linux box — from initial reconnaissance with Nmap through exploitation and finally gaining root. It details how a critical remote code execution vulnerability CVE-2025-24893 in XWiki was leveraged to obtain a reverse shell, followed by reusing exposed database credentials and abusing a misconfigured SUID-enabled binary to escalate privileges. Along the way, the methodology, commands, and exploitation steps are clearly explained. Perfect for security enthusiasts wanting a concise, practical example of chaining vulnerabilities to full system compromise
Pwnsploit