Welcome to the HTB Postman write-up! This was an easy-difficulty box. For the initial shell, we need to exploit the Redis service to gain the first interactive shell. Then, we need to escalate to the next user via enumerating further. For the root shell, we will exploit the Webmin server using the known CVE 2019–12840 vulnerability. Let’s get started.