https://p4n4.xyz/tags/r-services/Recent content in R-Services on p4n4SecHugo -- 0.147.7en-usSun, 28 Jun 2026 00:00:00 +0000https://p4n4.xyz/posts/htb/box/reset/Sun, 28 Jun 2026 00:00:00 +0000https://p4n4.xyz/posts/htb/box/reset/Reset chains a password-reset oracle and SQLi-leaked admin hash into an authenticated dashboard, an LFI that is weaponised through Apache log poisoning for RCE as www-data, a misconfigured /etc/hosts.equiv r-services trust that pivots laterally to two separate users, and finally an lxd group membership that mounts the host filesystem for root.