HackTheBox – Soulmate Walkthrough | CrushFTP, Erlang CVE-2025-32433

In this HackTheBox machine, we enumerate subdomains to discover a CrushFTP instance, exploit CrushFTP to create an admin user and upload a reverse shell, perform lateral movement by analyzing Erlang processes running as root, then escalate privileges by exploiting CVE-2025-32433 in a vulnerable Erlang SSH service listening on port 2222. If you're learning ethical hacking, OSCP, or just love seeing machines get popped... this one's for you. 📂 Scripts and Commands: https://strikoder.com/writeups/soulmate 🏠 Room Link: https://www.hackthebox.com/machines/s... -------- ⏱️ Timestamps: 00:00 - Intro & Target Overview 01:10 - Enumeration & Port Scanning 05:58 - Discovering CrushFTP Instance 09:03 - CrushFTP Vulnerability Research 14:35 - Exploiting CrushFTP to Create User 28:17 - Uploading Reverse Shell 36:21 - Process Enumeration & Analysis 40:40 - Identifying Erlang SSH on Port 2222 51:20 - CVE-2025-32433 Exploitation -------- Follow me for more real-world hacking walkthroughs, live streams, and cert prep content 👇 💻 Labs GitHub: https://github.com/strikoder 🎥 Streams & Short Content Twitch:   / strikoder   Instagram:   / strikoder   TikTok:   / strikoder   💬 Community & Discussions Discord Server:   / discord   X (Twitter): https://x.com/Strikoder 📨 Official Contact LinkedIn:   / strikoder   Email: [email protected] More videos coming soon on PNPT, and OSCP prep. Stay tuned, and thanks for the support! #soulmate #crushftp #erlang #cve2025 #lateralmovement #processenum #oscp #pt1 #hackthebox #tryhackme #portswigger #portswiggeracademy #activedirectory #linux #windows #ethicalhacking #cybersecurity #pentesting #ctf #infosec #enumeration #privilegeescalation #windowshacking #networksecurity #bugbounty #RedTeam #capturetheflag #hackingtools #cyberseclabs #hackermindset #Nmap #terminal #strikoder #Nmap #terminal #strikoder