Pbkdf2

Published on
February 23, 2026
HTB - Interpreter (Medium)
machine linux PBKDF2 SSTI port-forwarding regex
The target runs a version of NextGen Healthcare Mirth Connect that is vulnerable to CVE-2023-43208 which allows for initial foothold. DB enumeration reveals a user credential encrypted in PBKDF2-HMAC-SHA256 which requires some decoding and cracking. Thus, gaining user access. Then, acquired root by identifying an SSTI vulnerability of unsafe user input validation within a custom script for Mirth Connect

HTB - Interpreter (Medium)