MakeSense
Walkthrough of the HackTheBox machine MakeSense: weaponising an exposed AES-GCM key to inject XSS through an encrypted voice-transcription pipeline, hijacking a Selenium admin bot to create a WordPress administrator, then escalating to root through a PHP OCR service running as root.
Read more