Postgresql

HTB STARTING POINT · Tier 1

Funnel

Anonymous FTP leaks credentials; SSH login reveals a PostgreSQL container reachable via local port forwarding — the flag is a database row.…

April 28, 2026 · 6 min · crAIzy
FTP AnonymousPostgreSQL Tunnel

HTB STARTING POINT · Tier 2

Vaccine

Anonymous FTP yields a ZIP cracked with john. The PHP login is SQL-injectable. pg_dump in a sudo rule lets vi escape to root — classic sudo abuse.…

April 27, 2026 · 4 min · crAIzy
SQLi Auth BypassSudo Abuse