Write-up of the HTB OutBound machine: exploit Roundcube 1.6.10 (CVE-2025-49112) for RCE and gain www-data in Docker. Priv-esc via password reuse, DB creds, and decrypting stored data to access Jacob and SSH. Final root via abusing sudo-allowed below by symlinking its log to /etc/group to add user to sudo.