Silentium

Difficulty: Easy. Published 2026-04-18. Sanitized local writeup.

Scenario

Silentium attack path

  1. Enumerate ports 22 and 80.
  2. Add silentium.htb and staging.silentium.htb.
  3. Confirm Flowise 3.0.5 on the staging vhost.
  4. Use the Flowise account reset/session material leak and chatflow prediction RCE to enumerate the container.

Objective

Machine walkthrough focused on evidence, validation, and reusable operator lessons.

Silentium sanitized attack graph

Walkthrough flow

  01. Port scan: 22 (SSH), 80 (nginx) -- only two ports open
  02. HTTP redirects to silentium.htb
  03. Vhost fuzz: staging.silentium.htb (Flowise 3.0.5)
  04. Credential reset: session material leaked via POST...
  05. API key auth: Bearer session material...

Source coverage

Status: complete, 100% source coverage. This article is generated from 6 sanitized Markdown sources and keeps raw flags, credentials, keys, cookies, and reusable secrets out of the rendered blog.

Evidence verdict

High confidence: the page is reconstructed from a primary walkthrough plus multiple supporting notes and evidence sources. Treat the chain as source-backed, while still checking the listed source files for sensitive values.

  • <TARGET>-Silentium/walkthrough.md
  • HTB/<TARGET>-Silentium/notes.md
  • HTB/<TARGET>-Silentium/session-resume.md
  • HTB/_knowledge/exports/ctf-lightrag-latest-203412/documents/machine__<TARGET>-Silentium__notes.md.0b4bc85710.md
  • HTB/_knowledge/exports/ctf-lightrag-latest-203412/documents/machine__<TARGET>-Silentium__session-resume.md.053b08d15b.md
  • HTB/_knowledge/exports/ctf-lightrag-latest-203412/documents/machine__<TARGET>-Silentium__notes.md.6af1f5972a.md

Technical Walkthrough

Silentium - Walkthrough

Machine Info

  • Target: <TARGET>
  • OS: Linux
  • Difficulty: Easy
  • Domain: silentium.htb
  • Vhost: staging.silentium.htb

Attack Chain Summary

  1. Enumerate ports 22 and 80.
  2. Add silentium.htb and staging.silentium.htb.
  3. Confirm Flowise 3.0.5 on the staging vhost.
  4. Use Flowise account reset/token leak and chatflow prediction RCE to enumerate the container.
  5. Validate the recovered SSH password for ben and capture user.txt.
  6. Enumerate localhost services from the host and identify Gogs 0.13.3 on <TARGET>:3001, running as root.
  7. Register a local Gogs account, create a token and repo.
  8. Validate <secret redacted> by writing through a repository symlink as root.
  9. Use the symlink write primitive to create a temporary sudoers drop-in for ben.
  10. Read /root/root.txt, save it to loot/root.txt, then remove the sudoers drop-in.

Phase 1: Reconnaissance

  • Quick TCP scan showed only SSH and HTTP.
  • HTTP redirected to silentium.htb.
  • Vhost enumeration found staging.silentium.htb.
  • http://staging.silentium.htb/api/v1/version returned Flowise 3.0.5.

Phase 2: Foothold

  • Flowise password reset leaked a reset token for <email redacted>.
  • After authenticating to Flowise, the chatflow prediction path executed JavaScript inside NodeVM.
  • Container RCE exposed environment data and confirmed Flowise was running in Docker.
  • Public-source SSH credential hypothesis for ben was validated against the live target and stored in loot/.

Phase 3: User Flag

  • SSH as ben succeeded.
  • user.txt was captured from /home/ben/user.txt.
  • Local and remote copies were saved under loot/user.txt.

Phase 4: Privilege Escalation

  • Host baseline from ben showed loopback-only services:
    - Gogs on <TARGET>:3001
    - Flowise on <TARGET>:3000
    - MailHog on <TARGET>:8025 / <TARGET>:1025

  • Gogs version was 0.13.3, running as root with repo data under /root/gogs-repositories.
  • Registration was enabled but protected by CAPTCHA. The CAPTCHA was numeric-only; a valid local Gogs account was registered.
  • A personal access token and private repo were created.
  • A repository symlink to /tmp/gogs-symlink-test was committed and pushed.
  • The Gogs contents API wrote through that symlink as root:root, validating <secret redacted> on the live host.
  • A second symlink targeted /etc/sudoers.d/codex-silentium.
  • The contents API wrote a minimal temporary sudoers rule for ben.
  • sudo -n id confirmed root execution.

Phase 5: Root Flag

  • sudo -n cat /root/root.txt was redirected into a ben-owned temporary file.
  • The flag was copied to Pwnbox loot/root.txt and synced locally to loot/root.txt.
  • The root flag format was verified as 32 hex characters.
  • Cleanup completed: /etc/sudoers.d/codex-silentium was removed.

Lessons Learned

  • The Flowise path gave a foothold but not direct host root; host-local enumeration was the decisive transition.
  • Gogs CAPTCHA output looked alphanumeric at first, but the generated text was numeric-only.
  • For Gogs CSRF workflows, clear stale _csrf cookies after login before fetching a new POST form.
  • Validate symlink write primitives on a harmless file before targeting privileged paths.

Source-Backed Dossier

The sections below are merged from companion Markdown notes for the same case. They are rendered after sanitization so the article stays precise without publishing raw flags, credentials, or target-specific secrets.

Notes

Scope

  • Target: <TARGET> (Silentium)
  • OS: Linux
  • Difficulty: Easy
  • Pwnbox: <TARGET> (<redacted>)
  • Attacker VPN IP: <TARGET>
  • Domain hypothesis: silentium.htb
  • Started: 2026-05-07

Credentials Found

  • Flowise User: <email redacted> (admin role)
  • Flowise Basic Auth (env vars): ben:<redacted>
  • Flowise API Key: <redacted>
  • API Key Secret: <redacted>
  • User bcrypt hash (current, unknown pw): $2a$05$<redacted> (cost=5)
  • User bcrypt hash (original): $2a$05$<redacted> (cost=5)
  • Docker container hostname: c78c3cceb7ba
  • Docker host IP: <TARGET>
  • Encryption key path: /root/.flowise/encryption.key
  • Database path: /root/.flowise/database.sqlite

Environment Variables (from container)

<secret redacted>=ben
<secret redacted>=<redacted>
<secret redacted>=/root/.flowise
PORT=3000
HOME=/root
HOSTNAME=c78c3cceb7ba
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
<secret redacted>=<redacted>
<secret redacted>=<redacted> SET (uses machine-id derived key)

Attack Chain

  1. Port scan: 22 (SSH), 80 (nginx) -- only two ports open
  2. HTTP redirects to silentium.htb
  3. Vhost fuzz: staging.silentium.htb (Flowise 3.0.5)
  4. <secret redacted>: Password reset token leaked via POST /api/v1/account/forgot-password
  5. API Key auth: Bearer <redacted> grants access to management APIs
  6. RCE via Chatflow Prediction (Session 2 breakthrough):
    - Create CHATFLOW with customFunction node (version 3, with inputParams array)
    - Output set to "EndingNode"
    - POST to /api/v1/internal-prediction/{chatflowId} with API key auth
    - JS executes in NodeVM sandbox
    - require("flowise-components/dist/src/utils").getEnvironmentVariable() reads real env vars
    - require("typeorm").DataSource gives full SQLite database access
    - require("axios") / require("node-fetch") / require("http") / require("net") for network access

Key Findings from Container RCE

Database Access (TypeORM DataSource)

  • Tables: migrations, chat_message, user, organization, role, workspace, apikey, chat_flow, tool, credential, variable, login_sessions, login_activity, etc.
  • User table: only 1 user (<email redacted>)
  • Credential table: EMPTY
  • Variable table: EMPTY
  • Login sessions: many valid sessions exist (passport session cookies)

Network Scan from Container

  • Docker host <TARGET>: Only ports 22 (SSH) and 80 (nginx) open
  • Ports 3000, 5432, 3306, 6379, 8080, etc. all CLOSED on Docker host
  • Container localhost: Only port 3000 (Flowise itself)
  • Docker socket: NOT mounted (/var/run/docker.sock absent)

Auth Architecture

  • Basic auth header (Authorization: Basic) ALWAYS returns 401
    - Even with the correct env var creds ben:<redacted>
    - Likely nginx strips the Authorization header before proxying
  • POST /account/basic-auth: validates creds from the JSON body (works with ben:<redacted>)
  • API key as Bearer token: accepted by the management APIs without basic auth
  • x-request-from: internal: bypasses basic auth but the JWT check still fails
  • node-custom-function with API key: returns 200 empty (no execution)
  • Chatflow prediction with API key: EXECUTES code (the working RCE path)

What FAILED

  • SSH as ben@target with the Flowise env var password: REJECTED
  • Cracking original bcrypt hash with rockyou, xato-1M, fasttrack, targeted lists: NO MATCH
  • Direct fs/child_process require in NodeVM: BLOCKED
  • this.constructor.constructor escape: BLOCKED (Code generation from strings disallowed)
  • SQLite readfile() function: NOT available (extension not loaded)
  • Docker socket: NOT MOUNTED
  • Gogs on port 3000: NOT FOUND on Docker host

What To Try Next

  1. Crack the ORIGINAL bcrypt hash with xato-10M full or rules
  2. Read files from the container: need a module that reads files and is available in the sandbox
    - mammoth reads files (but parses as docx)
    - form-data can create streams from file paths
    - Maybe use node-fetch with a local HTTP server that serves files
  3. Check docker-compose.yml or .env files on the host through mounted volumes
  4. Read the encryption key at /root/.flowise/encryption.key -- could reveal the JWT signing key
  5. Try session cookie hijacking: the login_sessions table has valid session IDs
  6. Consider: the SSH password might be <secret redacted> different from the Flowise creds
    - Check the main website for password hints in team bios
    - The "original" hash might be the SSH password -- CRACK IT

Evidence Ledger

Timestamp | Command | Output File | Finding | Confidence | Next Action
15:35 | nmap -sC -sV | nmap/initial | Ports 22,80 open | High | Enumerate HTTP
15:35 | nmap -p<redacted> | nmap/allports | No additional ports | High | Focus on 80
15:36 | ffuf vhosts | - | staging.silentium.htb found | High | Enumerate staging
15:36 | /api/v1/version | - | Flowise 3.0.5 confirmed | High | Exploit CVEs
15:40 | forgot-password | - | <secret redacted> token leak confirmed | High | Reset password
17:00 | API key auth | - | Bearer token works for management APIs | High | Use for RCE
17:15 | chatflow prediction | - | FULL RCE via custom function in prediction | Critical | Enumerate container
17:18 | getEnvironmentVariable | - | All env vars dumped | High | Check for SSH creds
17:20 | TypeORM DataSource | - | Full SQLite DB access | High | Dump all tables
17:22 | Docker host port scan | - | Only 22,80 open on host | High | Focus on SSH
17:25 | Hash cracking | - | Neither hash in rockyou/fasttrack/targeted | Medium | Try larger lists
22:31 | SSH as ben | enum/ssh-ben-validate-user.txt | Public SSH credential hypothesis validated live; user flag captured | High | Enumerate host-local services
22:32 | Host baseline | enum/ben-platform-baseline.txt | Gogs 0.13.3 on <TARGET>:3001, running as root | High | Validate Gogs path
22:36 | Gogs registration | /tmp/gogscaps/2/* on target | Registered local Gogs account after solving numeric CAPTCHA | High | Create token/repo
22:38 | Gogs token | /tmp/gogsauth/apps-token.html on target | Personal access token generated for Gogs API | High | Create test repo
22:40 | Gogs repo creation | /tmp/gogsauth/repo-create-post.txt on target | Private repo created through web form | High | Commit symlink
22:41 | <secret redacted> proof | /tmp/gogsauth/prooflink-put.resp on target | Contents API wrote through symlink to /tmp/gogs-symlink-test as root | Critical | Use minimal privileged target
22:41 | sudoers write | /tmp/gogsauth/sudoerslink-put.resp on target | Temporary sudoers drop-in written through symlink; sudo -n id returned root | Critical | Capture root flag and clean up
22:42 | root capture | loot/root.txt | Root flag captured and verified as 32 hex characters | Complete | Final documentation

Current Outcome

  • User flag captured from the live target and saved to loot/user.txt.
  • Root flag captured from the live target and saved to loot/root.txt.
  • Temporary privileged file /etc/sudoers.d/codex-silentium was removed after capture.
  • The validated privesc path is Gogs 0.13.3 <secret redacted> symlink write via the repository contents API.

Session Resume

Status

  • Target: <TARGET>
  • Pwnbox: <TARGET>
  • User flag: captured in loot/user.txt
  • Root flag: captured in loot/root.txt
  • Root path: Gogs 0.13.3 symlink write through contents API to temporary sudoers drop-in.

Current Access

  • SSH as ben is valid; password is stored only in loot/.
  • Local Gogs account and token were created during exploitation; token remains only in target temp files unless separately copied.

Cleanup

  • /etc/sudoers.d/codex-silentium was removed.
  • Proof file /tmp/gogs-symlink-test may remain as root-owned proof of write.
  • Temporary work directories on target:
    - /tmp/gogsauth
    - /tmp/gogswork
    - /tmp/gogscaps

Evidence

  • walkthrough.md has the reproducible validated chain.
  • notes.md has the current outcome and evidence ledger entries.
  • Raw flags are in loot/ only.
