HTB: Kobold

Kobold is a medium Linux box that chains a misconfigured MCP developer tool into full root. An unauthenticated RCE in the MCPJam Inspector API (CVE-2026-23744) drops a shell as ben via unsanitized command injection through child_process.spawn(). Privilege escalation abuses a dormant Docker group membership activatable via newgrp docker, from there it's a one-liner container escape mounting the host filesystem for root.