HTB: VariaType Writeup
Medium Linux box chaining a fonttools varLib arbitrary write for initial access, FontForge CVE-2024-25082 tar injection for lateral movement, and a setuptools URL-decode bypass to overwrite sudoers as root.
🔒 Protected Content
This post is password protected. Please enter the password to view the content.
Incorrect password. Please try again.
Connect With Me
HTB: Nimbus Writeup
You may also like
HackSmarter: Kiosk Writeup
Break out of a locked Windows VDI kiosk over RDP, recover credentials from an unattend.xml, exploit an unquoted service path, and weaponize a DLL plugin hijack to gain local admin.
HackSmarter: Martini Writeup
Black-box internal pentest against a Windows AD domain. Guest SMB access exposes credentials, leading to Kerberoasting, a WinRM foothold, and full domain compromise via password reuse and DCSync.
