{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreibwyex7ihmhrrxjxtuqbfchmoattriwury7qfruo4fjxeulqr4tm4",
"uri": "at://did:plc:gc2nrf5j5b2po5huoyw6utr4/app.bsky.feed.post/3mmdu4swnpcn2"
},
"coverImage": {
"$type": "blob",
"ref": {
"$link": "bafkreieqmdjwi7jp3p4uvmwz7kzzorjjk37t6jel65zpjd64ifosrelwkm"
},
"mimeType": "image/jpeg",
"size": 72080
},
"description": "HTB WRITE-UP: HELIX\n\nOS: Linux\nDifficulty: Medium\n\n\n1. EXECUTIVE SUMMARY\n\nHelix is a lab that simulates a realistic industrial control systems (ICS/SCADA) environment.\n\n * Target IP: [TARGET_IP]\n * Attacker IP: [ATTACKER_IP]\n\n\n2. RECONNAISSANCE\n\n\n2.1 NMAP PORT SCANNING\n\nI started by scanning the target for open ports and services:\n\nnmap -p- -sV -sC -T4 [TARGET_IP]\n\n\nThe scan revealed:\n\n * 22/tcp — OpenSSH 8.9p1 Ubuntu 3ubuntu0.10\n * 80/tcp — Nginx HTTP\n * 8080/tcp — Apache NiFi\n\nDuring virtua...",
"path": "/hack-the-box-htb-helix-writeup-medium-weekly-may-8th-2026/",
"publishedAt": "2026-05-21T07:04:05.000Z",
"site": "https://1337sheets.com",
"tags": [
"Subscribe now"
],
"textContent": "# HTB Write-up: Helix\n\n**OS:** Linux\n**Difficulty:** Medium\n\n* * *\n\n## 1. Executive Summary\n\n**Helix** is a lab that simulates a realistic industrial control systems (ICS/SCADA) environment.\n\n * **Target IP:** `[TARGET_IP]`\n * **Attacker IP:** `[ATTACKER_IP]`\n\n\n\n* * *\n\n## 2. Reconnaissance\n\n### 2.1 Nmap Port Scanning\n\nI started by scanning the target for open ports and services:\n\n\n nmap -p- -sV -sC -T4 [TARGET_IP]\n\n\n**The scan revealed:**\n\n * **22/tcp** — OpenSSH 8.9p1 Ubuntu 3ubuntu0.10\n * **80/tcp** — Nginx HTTP\n * **8080/tcp** — Apache NiFi\n\n\n\nDuring virtual host enumeration using ffuf, I identified `flow.helix.htb` as a host pointing to the NiFi management interface. I added the hostname to `/etc/hosts` and accessed it through the browser.\n\n* * *\n\n## 3. Initial Access\n\n### 3.1 Apache NiFi 1.21.0 Analysis\n\nVisiting `http://flow.helix.htb:8080/nifi` exposed a NiFi instance that allowed the creation of controller services and processors. This represented a serious misconfiguration.\n\nThe goal was to abuse the `ExecuteSQL` processor for remote code execution. NiFi supports multiple database backends. On the target, an H2 Database JAR was present at `/opt/nifi-1.21.0/lib/h2-2.1.214.jar`. H2 is known for supporting Java aliases that can be abused to run arbitrary Java code.",
"title": "Hack The Box - HTB Helix Writeup - Medium- Weekly - May 8th, 2026",
"updatedAt": "2026-05-21T07:04:05.775Z"
}