HackTheBox - Topology
00:00 - Introduction
01:00 - Start of nmap
02:30 - Discovering Discovering the LaTeX Equation Generator Page
04:10 - Attempting to get code execution, discovering a WAF. Building a wordlist and using FFUF to identify potentially dangerous commands that aren’t blocked
07:45 - Discovering lstinputlisting is not blocked, which will let us read files
10:45 - Using FFUF to bruteforce subdomains, show the automatic calibration, so you don’t need to manually specify filters
13:25 - Looking for the Apache Config for the Dev subdomain, as it likely has a htpasswd file we can get a password from
15:25 - Showing the alternate path to get RCE, Bypassing the filter by encoding characters in hex with ^^
18:50 - Talking about the catcode command and a failed path at evading a filter with this, but it pointed me towards superscript
21:40 - Looking at the wikibooks latex page and seeing ^ is superscript by default, so we don’t need the catcode
22:20 - Testing the bypass with a valid c
7 months ago 00:33:44 1
8 months ago 00:27:16 1
8 months ago 02:00:43 1
8 months ago 00:20:43 1
8 months ago 00:36:09 1
8 months ago 00:30:39 1
8 months ago 00:13:24 1
9 months ago 11:21:04 1
9 months ago 07:22:03 1
9 months ago 00:41:25 4
10 months ago 05:30:24 3
10 months ago 01:02:06 14
10 months ago 00:16:21 18
10 months ago 02:09:39 12
11 months ago 00:15:02 1
11 months ago 00:13:41 1
11 months ago 00:46:30 1
11 months ago 00:09:21 1
11 months ago 00:39:17 7
11 months ago 00:42:37 10
11 months ago 02:34:35 10
11 months ago 00:52:33 9
11 months ago 00:46:53 7
12 months ago 01:21:40 6
