June 1, 2026

DevHub HackTheBox Writeup - Season11

HackTheBox DevHub machine walkthrough

SUMMARY

This write-up covers the DevHub machine from HackTheBox Season 11. Initial reconnaissance exposed an informational page on port 80 and a more interesting service on port 6274 running MCPJam v1.4.2, a Model Context Protocol inspector/server. This version is affected by CVE-2025-49596, an unauthenticated Remote Code Execution vulnerability in the MCP connection handler that accepts an arbitrary command and argument list when establishing a new server session. A crafted POST to /api/mcp/connect delivered an initial foothold as the user mcp-dev.

With a shell on the target, system enumeration revealed a second user, analyst, and a service bound to localhost on port 8888. Running pspy caught a Jupyter Server being launched as analyst, leaking its authentication token in the command line. A reverse port-forward made the local service reachable, and after working around the host-header check Jupyter enforces on localhost-bound listeners, the leaked token unlocked the full REST API. Abusing the /api/kernels endpoint, a Python kernel was spawned and code was sent through the multiplexed WebSocket channel, executing as analyst and delivering a second shell.
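The token disclosure in that step is something a defender can catch on the host before anyone runs pspy. The Python script below is an added example, not code from the write-up: it flags Jupyter processes that carry their token on the command line (or run with the token emptied, which disables authentication), reading /proc the same way pspy does; the sample process list is constructed, and the flag spellings are Jupyter's documented --token, --ServerApp.token and --NotebookApp.token options.

```python
import os
import re
from typing import Dict, Iterable, List

# Jupyter takes the token as --token=..., --ServerApp.token=... (Jupyter Server) or
# --NotebookApp.token=... (classic Notebook); all of them land in /proc/<pid>/cmdline.
TOKEN_FLAG = re.compile(
    r"--(?:(?:ServerApp|NotebookApp)\.)?token(?:=|\s+)(['\"]?)([^\s'\"]*)\1"
)

def mask(secret: str) -> str:
    """Keep a short prefix for correlation without re-leaking the value."""
    return secret[:4] + "..." if len(secret) > 4 else "****"

def find_token_leaks(procs: Iterable[Dict[str, object]]) -> List[Dict[str, object]]:
    """procs: dicts with pid, user, cmdline. Returns one finding per exposing process."""
    findings = []
    for p in procs:
        m = TOKEN_FLAG.search(str(p["cmdline"]))
        if not m:
            continue
        token = m.group(2)
        findings.append({
            "pid": p["pid"], "user": p["user"],
            # An empty token switches Jupyter authentication off entirely.
            "issue": "auth-disabled" if token == "" else "token-in-cmdline",
            "token_hint": mask(token),
        })
    return findings

def scan_proc() -> List[Dict[str, object]]:
    """Live variant for a Linux host: walk /proc the way pspy and ps do."""
    procs = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/cmdline", "rb") as fh:
                cmdline = fh.read().replace(b"\0", b" ").decode(errors="replace")
            uid = os.stat(f"/proc/{pid}").st_uid  # numeric owner, not a name
        except OSError:
            continue  # process exited or cmdline not readable
        procs.append({"pid": int(pid), "user": uid, "cmdline": cmdline})
    return find_token_leaks(procs)

# Constructed sample modelled on a pspy capture; the token value is made up.
SAMPLE_PROCS = [
    {"pid": 1201, "user": "analyst", "cmdline": "/usr/bin/python3 /usr/local/bin/jupyter-server"
     " --ip 127.0.0.1 --port 8888 --ServerApp.token=EXAMPLE0123456789abcdef"},
    {"pid": 1337, "user": "root", "cmdline": "/usr/sbin/sshd -D"},
    {"pid": 1402, "user": "mcp-dev", "cmdline": "jupyter notebook --token='' --port 8890"},
]
```

Running find_token_leaks(SAMPLE_PROCS) reports the analyst-owned server as token-in-cmdline and the empty-token notebook as auth-disabled; the fix on the host side is to set the token in a mode-0600 jupyter_server_config.py rather than on the command line.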

As analyst, an internal Flask application was discovered under /opt, exposing an admin API on port 5000 guarded by an X-API-Key header. Reading the source revealed an ops._admin_dump tool that returned the root user’s SSH private key as part of its dump payload. A single authenticated request to the endpoint extracted the key, which was then used to authenticate as root over SSH, completing the machine.
PATH TO FOLLOW

  1. Reconnaissance
  2. Port 80 - Informational Page Review
  3. Port 6274 - MCPJam v1.4.2 Fingerprinting
  4. CVE-2025-49596 - MCPJam Unauthenticated RCE
  5. Shell as mcp-dev
  6. Internal Enumeration & pspy - Jupyter Token Disclosure
  7. Reverse Port Forward & Host Header Bypass
  8. Jupyter /api/kernels Abuse via REST + WebSocket
  9. Shell as analyst
  10. Internal Flask API Discovery in /opt
  11. X-API-Key Authentication & ops._admin_dump Abuse
  12. Root SSH Private Key Extraction
  13. SSH as Root

CONTENT WILL BE RELEASED ONCE THE MACHINE IS RETIRED