
CVE Chain: CVE-2024-51482 (SQLi) → bcrypt crack → SSH → CVE-2025-60787 (motionEye RCE)
Recon
Open ports: 22, 80. cctv.htb runs ZoneMinder 1.37.63. Default credentials admin:admin work — always try defaults first.
Confirm version via API:
```bash
curl -X POST http://cctv.htb/zm/api/host/login.json -d "user=admin&pass=admin"
# Returns: "version": "1.37.63"
```
Full writeup — members only
The complete exploit chain, commands, and methodology are available to members on Buy Me a Coffee.