An awesome box from htb user jkr where we recover and perform source code analysis, ssh tunnel to a protected admin panel, build a malicious debian package, and man in the middle the OS’s package manager to force an update containing our backdoored package.
Feel free to hit me up with any questions/comments. Thanks!