This is a writeup about a retired HacktheBox machine: Buff published on July 18 2020 egotisticalSW This box is classified as an easy machine. The user part just require to exploit a CVE. The root part require first to pivot to access the box's internal services then exploit another CVE.