Bukhari's Archive

Bukhari's Archive https://b3ta-blocker.github.io/blog A hands-on hacking blog covering penetration testing walkthroughs by Hassaan Ali Bukhari. en-us root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) Mon, 15 Jun 2026 00:00:00 GMT https://b3ta-blocker.github.io/blog/devhub DevHub Machine (HackTheBox) — Step-by-Step Walkthrough https://b3ta-blocker.github.io/blog/devhub DevHub is a Linux machine compromised via CVE-2026-23744, an unauthenticated RCE in MCPJam v1.4.2, followed by lateral movement through an exposed Jupyter Lab instance with a plaintext token, and privilege escalation via a hardcoded API key in an internal Flask service running as root. Mon, 15 Jun 2026 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) hacktheboxlinuxmediummcprcejupyterlateral-movementprivilege-escalation