sandbox-escape | Bukhari's Archive

August 27, 2025
CodePartTwo
linux javascript js2py cve-2024-28397 sandbox-escape reverse-shell privilege-escalation Easy HackTheBox Machine
Compromise of a Linux HackTheBox machine via a js2py sandbox escape (CVE-2024-28397) in a web-based JavaScript editor to gain a shell, followed by credential extraction from a SQLite database and privilege escalation by abusing sudo npbackup-cli to read the root flag.
Read more →

CodePartTwo