Magic write-up by limbernie

Classic image upload vulnerability to get the initial foothold followed by PATH hijacking for privilege escalation.

https://hackso.me/magic-htb-walkthrough/

Port forwarding with socat and calling the target’s MySQL DB from your machine is just awesome. I didn’t even think about that. Thanks for sharing sir.