SmartHire — HTB Medium Write-up
Difficulty: Medium
OS: Linux
IP: 10.129.245.215

Overview

SmartHire is a medium-difficulty Linux machine centred around an AI-powered hiring platform backed by MLflow for ML model management. The attack chain covers three distinct phases:

- Discovering a hidden MLflow instance via virtual host fuzzing and authenticating with default credentials
- Registering a malicious pickle model via the MLflow REST API to achieve RCE as svcweb
- Escalating to root by hijacking a Python plugin loaded through a writable directory inside a NOPASSWD sudo script

Key concepts: MLflow REST API abuse, Python pickle deserialization RCE, egress firewall bypass via internal curl exfiltration, site.addsitedir() .pth file hijack. ...
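For the site.addsitedir() weakness named in the key concepts, the following audit is an added example, not code from the write-up or the machine: it checks a directory that a privileged script passes to site.addsitedir() for loose ownership or permissions and for .pth lines that Python would execute. The function names, the trusted_uid parameter and the sample file contents are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

def classify_pth_lines(directory):
    """List (file, line_no, kind, text) for each active line in the directory's .pth files.

    kind is "exec" for lines site would pass to exec(), "path" for sys.path additions.
    """
    found = []
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".pth"):
            continue
        with open(os.path.join(directory, name), encoding="utf-8", errors="replace") as fh:
            for no, raw in enumerate(fh, 1):
                line = raw.rstrip()
                if not line.strip() or line.startswith("#"):
                    continue  # site ignores blank lines and comments
                kind = "exec" if line.startswith(("import ", "import\t")) else "path"
                found.append((name, no, kind, line))
    return found

def audit_plugin_dir(directory, trusted_uid=0):
    """Return findings for a directory that a privileged script hands to site.addsitedir()."""
    findings = []
    st = os.stat(directory)
    if st.st_uid != trusted_uid:
        findings.append(f"owner uid {st.st_uid} is not trusted uid {trusted_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"mode {stat.S_IMODE(st.st_mode):o} allows group/world writes")
    for name, no, kind, line in classify_pth_lines(directory):
        if kind == "exec":
            findings.append(f"{name}:{no} runs code at startup: {line}")
    return findings

def demo():
    """Constructed sample: a world-writable directory holding a harmless .pth file."""
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "sample.pth"), "w") as fh:
        fh.write("# constructed sample\nimport sys  # executed by site\n/opt/extra/lib\n")
    os.chmod(d, 0o777)
    loose = audit_plugin_dir(d, trusted_uid=os.getuid())
    os.chmod(d, 0o755)
    os.remove(os.path.join(d, "sample.pth"))
    tight = audit_plugin_dir(d, trusted_uid=os.getuid())
    os.rmdir(d)
    return loose, tight

if __name__ == "__main__":
    for finding in demo()[0]:
        print(finding)
```

Run it against every directory that a sudo-allowed script adds with site.addsitedir(); any finding means a lower-privileged account can influence what the privileged interpreter loads.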