
HTB: Codify - OSCP Prep Write-up
Sandboxes are only as strong as their implementation. Codify gives you a Node.js code editor to play with - and a vm2 version that plays right back.

Machine info

Name: Codify
Platform: HackTheBox
OS: Linux
Difficulty: Easy

TL;DR

- Web app runs Node.js snippets in a vm2 sandbox; child_process is blocked, but vm2's context escaping lets you break out entirely
- Shell as svc; linpeas finds a SQLite database with a bcrypt hash for joshua, cracked with John + rockyou
- SSH as joshua; sudo -l shows /opt/scripts/mysql-backup.sh runnable as root; the script uses an unquoted [[ $DB_PASS == $USER_PASS ]] comparison, enabling glob-based password brute-forcing
- Alternatively, compile and run the dirtyfrag LPE directly as svc and skip joshua entirely

Recon

Nmap

nmap -sV -sC -Pn -A codify.htb
...
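The unquoted `[[ $DB_PASS == $USER_PASS ]]` comparison from the TL;DR is worth seeing side by side with its fix. The snippet below is an added example, not the box's own mysql-backup.sh: the secret value and inputs are constructed placeholders, and bash is invoked explicitly because `[[` is a bash construct, not POSIX sh.

```shell
#!/bin/sh
# Constructed demonstration of bash's [[ ]] glob-matching pitfall.
# The secret below is a placeholder, not a credential from the machine.

# Vulnerable form: the right-hand side of == is unquoted, so bash treats
# it as a glob pattern rather than a literal string. Returns 0 when $2
# pattern-matches $1.
vuln_compare() {
    bash -c '[[ $1 == $2 ]]' compare "$1" "$2"
}

# Hardened form: quoting the right-hand side forces a literal comparison.
# Returns 0 only when $2 is byte-for-byte equal to $1.
fixed_compare() {
    bash -c '[[ $1 == "$2" ]]' compare "$1" "$2"
}

# Walk a few inputs through both forms and print the verdicts.
demo() {
    secret='S3cretPlaceholder'   # constructed placeholder value
    for input in '*' 'S*' 'T*' 'S3cretPlaceholder*' 'S3cretPlaceholder'; do
        if vuln_compare "$secret" "$input"; then v=match; else v=reject; fi
        if fixed_compare "$secret" "$input"; then f=match; else f=reject; fi
        printf 'input=%-20s unquoted=%-7s quoted=%s\n' "$input" "$v" "$f"
    done
}

demo
```

shellcheck flags the unquoted form as SC2053 ("Quote the right-hand side of == in [[ ]] to prevent glob matching"), so a lint pass over privileged scripts catches this class of bug before it reaches a sudo rule.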