Silentium is an easy rated Linux machine from Hack The Box where initial access is gained by exploiting a Flowise vulnerability that leaks password reset tokens, enabling account takeover, followed by remote code execution through a misconfigured node. SSH access provides a foothold, and an internal service is abused via a symlink flaw to overwrite config and gain root access.
You need to be signed in to access protected stories.
For hints/guidance/requests, you can join our Discord Server
*Following HTB policies, the solutions to live machines will not be shared publicly even on the Discord server.