Privilege-Escalation

A Flask-based XML/XSLT converter with exposed source code, an unsanitized file upload, and a cron-powered RCE — topped off with a fresh needrestart CVE for root.

NanoCorp chains a sneaky NTLM capture through a hiring portal’s file upload, Active Directory ACL abuse via BloodHound, and a Checkmk MSI repair privilege escalation — all on a fully patched Windows Server 2022 DC.