pwning DevHub

started the initial recon phase by deploying METATRON to map out the external attack surface. it quickly identified an active web application hosted on a non-standard port.

my first instinct is to shoot over to http://devhub.htb/ and start taking a peek around. initial inspection showed a dev platform dashboard containing an MCP Inspector and a code repository interface and a port number in the open.

after doing some digging on the application's features, specifically the model creation functionality, i noticed the exact application version was exposed in the footer. did some google dorking on the version and found a viable exploit: CVE-2026–23744.

analyzed the public Proof of Concept (PoC) structure to properly format the exploit payload. prepared a customized request locally to ensure the backend parser would process it without triggering generic error handlers.

sent the payload over and BAM! we bypassed the validation logic and got our initial remote code execution foothold on the system.

alright next step since we are in now is to start finding some GOLD. i checked the locally running processes and spotted a unique application bound to localhost. looking at the active process arguments, i found an exposed authentication token!

the service actually turned out to be a local Jupyter environment. i leveraged that exposed token we just found to access the internal Jupyter service and configure a new administrative password.

as we make our way into the application we see that we are in Jupyter and we are allowed to basically write any arbitrary command. let's see if there is a way that we're able to get a reverse shell onto our local machine.

and we are in! we were able to write a command to set up a local netcat listener and catch a clean reverse shell to get into the actual application as the analyst user.

instead of blindly running automated enumeration scripts, i did a manual deep dive into the web infrastructure. knowing the app was hosted via a local Python server, i hunted through the directory structure and uncovered a script containing hardcoded administrative API credentials.

for the final exploit, i sent a crafted POST request using the hardcoded API keys to target the hidden ops._admin_dump endpoint. since the local service runs with root privileges, it completely bypassed standard file permissions and dumped the root SSH private key directly to my terminal.

PWNED.

へ　　　　　／|
    　/＼7　　　 ∠＿/
    　/　│　　 ／　／
    　│　Z ＿,＜　／　　 /`ヽ
    　│　　　　　ヽ　　 /　　〉
    　 Y　　　　　   `　 /　　/
    　ｲ●　､　●　　⊂⊃〈　　/
    　()　 へ　　　　|　＼〈
    　　>ｰ ､_　 ィ　 │ ／／
    　 / へ　　 /　ﾉ＜| ＼＼
    　 ヽ_ﾉ　　(_／　 │／／
    　　7　　　　　　  |｜
    　　＞―r￣￣`ｰ―＿

へ　　　　　／|
    　/＼7　　　 ∠＿/
    　/　│　　 ／　／
    　│　Z ＿,＜　／　　 /`ヽ
    　│　　　　　ヽ　　 /　　〉
    　 Y　　　　　   `　 /　　/
    　ｲ●　､　●　　⊂⊃〈　　/
    　()　 へ　　　　|　＼〈
    　　>ｰ ､_　 ィ　 │ ／／
    　 / へ　　 /　ﾉ＜| ＼＼
    　 ヽ_ﾉ　　(_／　 │／／
    　　7　　　　　　  |｜
    　　＞―r￣￣`ｰ―＿