HackTheBox Escape: Kiosk Breakout via Edge Browser Yields Full System Access
A HackTheBox challenge called Escape presents a Windows machine that exposes only Remote Desktop Protocol on port 3389 and drops users into a locked-down kiosk account named KioskUser0. The kiosk blocks most applications through an application allowlist, but Microsoft Edge can still be launched from the Start menu search bar. From Edge, the attacker browses the local filesystem through the address bar, downloads system binaries, and bypasses the allowlist by renaming a downloaded executable to the name of a permitted application, which works because the allowlist decides by file name rather than by what the binary actually is. A third-party RDP client installed on the system stores saved credentials for an admin account behind a masked password field, and a Nirsoft password-reveal utility recovers the plaintext. Because that account is a member of the local Administrators group, a UAC consent prompt is all that stands between the attacker and full SYSTEM-level access.
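The rename trick in the summary works because a name-based allowlist never looks inside the file. The PE version resource, however, still records the binary's original name, so a cmd.exe copied to msedge.exe betrays itself. The following is an added example, not code from the article or from the challenge, of a defender-side sweep that flags executables whose on-disk name disagrees with their embedded OriginalFilename. The scan paths and the allowed name `msedge.exe` are assumptions for illustration.

```powershell
# Added example (not from the original article). Flags executables whose on-disk
# name does not match the OriginalFilename stored in their PE version resource.
# A cmd.exe renamed to msedge.exe to satisfy a name-based allowlist still carries
# OriginalFilename "Cmd.Exe". Scan paths and $AllowedNames are assumptions.

function Find-RenamedExecutables {
    param(
        [Parameter(Mandatory)] [string[]] $Path,            # directories to scan
        [string[]] $AllowedNames = @('msedge.exe')          # names the kiosk allowlist permits (assumed)
    )

    Get-ChildItem -Path $Path -Recurse -File -Include *.exe -ErrorAction SilentlyContinue |
        ForEach-Object {
            $orig = $_.VersionInfo.OriginalFilename
            # Binaries without a version resource give us nothing to compare against.
            if ([string]::IsNullOrWhiteSpace($orig)) { return }

            # Normalise: OriginalFilename may differ in case or omit the extension.
            $origBase = [IO.Path]::GetFileNameWithoutExtension($orig.Trim())
            $diskBase = [IO.Path]::GetFileNameWithoutExtension($_.Name)

            if ($origBase -ine $diskBase) {
                [pscustomobject]@{
                    Path                 = $_.FullName
                    OnDiskName           = $_.Name
                    OriginalFilename     = $orig
                    # Authenticode does not cover the file name, so a renamed
                    # Microsoft binary still reports Valid here.
                    SignatureStatus      = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
                    MasqueradesAsAllowed = ($AllowedNames -icontains $_.Name)
                }
            }
        }
}

# Usage: sweep the locations a kiosk user can write to.
Find-RenamedExecutables -Path "$env:USERPROFILE\Downloads", "$env:TEMP" | Format-Table -AutoSize
```

Expect a few benign mismatches (installer stubs and some vendor tools ship with an OriginalFilename that differs from the shipped name), so treat the output as a triage list rather than a verdict. The `SignatureStatus` column is the important caveat: a renamed cmd.exe is still validly signed by Microsoft, which is exactly why an allowlist that keys on file name or path is weaker than one that keys on publisher or file hash.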
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
