Intense HacktheBox Writeup

This writeup documents a chained compromise of a vulnerable box: initial web enumeration revealed a Flask/SQLite app with a message submission SQL injection and a session scheme vulnerable to SHA-256 length extension, enabling forged sessions to reach admin functionality and perform LFI to read user files. Enumeration also found an SNMP service with an RW community string that was abused via NET-SNMP extend to execute commands and install an SSH key as Debian-snmp, enabling file transfer and access to a local pwnable service; a forking stack-overflow pwn was then exploited (canary/leak/ROP) to escalate to root. The report contains detailed PoC commands, scripts, and exploitation steps.