Hackthebox Reactor Complete Writeup - CVE-2025-55182 Next.js RCE, SQLite Credential Dump, MD5 Cracking & Node.js Inspector PrivEsc

A comprehensive penetration testing guide exploiting CVE-2025-55182 for unauthenticated remote code execution on a Next.js 15.0.3 application, dumping and cracking MD5 credentials from a local SQLite database, pivoting to the engineer user via su, and escalating to root by abusing a Node.js Inspector debug socket exposed on localhost port 9229.

May 31, 2026 • views • 12 min read • 1,335 words

Havoc

hackthebox 26 htb 30 linux 11 nextjs 2 cve-2025-55182 rce 8 sqlite 2 md5 2 hashcat 3 password-cracking node-inspector debug-socket privilege-escalation 17 lateral-movement 7 credential-dumping 2 medium-difficulty 7 season11 3

🔒 Content Locked

This writeup is password-protected to comply with HTB rules.

📧 Need access? Enter the password.

Hackthebox Reactor Complete Writeup - CVE-2025-55182 Next.js RCE, SQLite Credential Dump, MD5 Cracking & Node.js Inspector PrivEsc

🔒 Content Locked

☕ Support My Work

Comments

🔒 Content Locked

☕ Support My Work

Related Articles

Hackthebox Reactor Complete Writeup - CVE-2025-55182 Next.js RCE, SQLite Credential Dump, MD5 Cracking & Node.js Inspector PrivEsc

CCTV HackTheBox Writeup — Season 10 Linux Machine Walkthrough

HTB DevHub Complete Writeup - CVE-2026-23744 MCPJam RCE, JupyterLab WebSocket Code Execution & OPSMCP Admin Tool Abuse

Conversor Hack The Box Writeup & Walkthrough (XSLT Injection, Linux PrivEsc)

Comments