Back to Blog
Write-up

HackTheBox: Sau Machine Walkthrough

Jan 28, 2026 Algorethm 12 min read

This is a placeholder for the full blog post content. In a real implementation, this page would dynamically load content based on the URL parameter or be generated from markdown files.

Key Takeaways

  • SSRF Exploitation using request-baskets (CVE-2023-27163)
  • Command Injection in Mailtrail (CVE-2023-27163)
  • Privilege Escalation via systemctl status

Reconnaissance

We start with a standard Nmap scan to identify open ports and services:

nmap -sC -sV -oA nmap/sau 10.10.11.224