lfi

  • 21st December 2025

Titanic writeup

writeupshack-the-boxlinuxlfisubdomain-enumerationhash-crackingcve

Titanic is a Linux box that starts with a local file inclusion (LFI) vulnerability in a Flask web application. We will discover a subdomain, extract credentials from a Gitea instance, crack hashes, and escalate privileges via an ImageMagick configuration‑path vulnerability (GHSA‑8rxc‑922v‑phg8).

Read more