Pterodactyl is a Linux machine running the Pterodactyl Panel game server management software. Initial access is achieved through a PEAR LFI/RCE chain that allows writing a PHP webshell, followed by credential extraction from the database. Privilege escalation chains two CVEs together: PAM environment injection and udisks LPE via libblockdev, ultimately leading to a SUID bash root shell.
You need to be signed in to access protected stories.
For hints/guidance/requests, you can join our Discord Server
*Following HTB policies, the solutions to live machines will not be shared publicly even on the Discord server.