#
IDOR
2 posts
HTB Cap: IDOR to PCAP Credential Leak and PwnKit Privilege Escalation
An IDOR vulnerability on a network capture endpoint reveals plaintext FTP credentials in a PCAP file. Credential reuse provides SSH access, and a vulnerable pkexec SUID binary (CVE-2021-4034) allows root escalation.
HTB MonitorsFour: IDOR to RCE to Docker Escape
An unauthenticated IDOR on an internal API leaks user credentials. Cracking an MD5 hash grants access to a Cacti instance vulnerable to CVE-2025-24367 (authenticated RCE). From a www-data shell inside a Docker container, an exposed Docker Engine API (port 2375) enables container escape and host compromise.