HTB - IClean Write-Up

Summary

This write-up documents a full exploitation path for the HTB machine IClean. Primary findings: information disclosure and web vulnerabilities led to user access via an SSTI/XSS chain; credentials from application code allowed database access; qpdf misconfiguration enabled root privilege escalation. Goal: demonstrate methodology and reasoning (recon → enumeration → exploitation → privilege escalation → remediation).

Target Host: 10.10.11.12 (lab address)
Domain mapped locally: capiclean.htb

Reconnaissance

Start with a standard service/version scan: ...

17-09-2024 · 3 min · phucrio