https://z3r0s6.github.io/tags/apachenifi/Recent content in ApacheNiFi on z3r0sHugoenSun, 10 May 2026 00:00:00 +0000https://z3r0s6.github.io/machines/helix/Sun, 10 May 2026 00:00:00 +0000https://z3r0s6.github.io/machines/helix/<p><strong>Difficulty:</strong> Medium | <strong>OS:</strong> Linux | <strong>Date:</strong> 2026-05-10</p> <hr> <h2 id="summary"> Summary <a class="heading-link" href="#summary"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>Helix presents a realistic industrial operations scenario built around Apache NiFi, OPC UA, and a custom maintenance console. The attack chain is:</p> <ol> <li>Vhost fuzzing → <code>flow.helix.htb</code> (Apache NiFi 1.21.0, unauthenticated)</li> <li>NiFi RCE via ExecuteScript processor → shell as <code>nifi</code></li> <li>SSH private key for <code>operator</code> found in NiFi support bundles</li> <li>Privilege escalation via OPC UA node manipulation to open a timed maintenance window → root shell</li> </ol>