HackTheBox - Conversor
Key Takeaways
The video demonstrates a cybersecurity challenge on HackTheBox's Conversor box, utilizing tools like nmap, XML, and XSLT to exploit vulnerabilities such as Path Traversal and XSLT Injection, ultimately leading to Remote Code Execution (RCE) and privilege escalation via CVE-2024-48990 and sudoers misconfiguration.
Original Description
00:00 - Introduction
00:52 - Start of nmap, look at 404 errors to discover it is flask
03:30 - Logged into the application, uploading an XML and XSLT to look at the converter
05:45 - Attempting to use XXE to get File Disclosure, which doesn't work
09:10 - Discovering the source code to the web application is on the about page, running it on localhost which makes it easier to identify why exploits fail
13:20 - Exploiting the Path Traversal vulnerability, due to putting user data in os.path.join(), this write files anywhere the webserver has permission to
16:25 - Looking at documentation of the webapp, shows there is a cron executing python scripts in /var/www/conversor/scripts, write a file there to get RCE
20:28 - Showing the XSLT Injection to write files to the server
30:55 - Can run NeedRestart with sudo, which is a GTFOBin, looking at sudoers file it shows how this was overlooked
33:00 - Exploiting CVE-2024-48990 which is a vulnerability against NeedRestart below version 3.7
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from IppSec · IppSec · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
HHC2016 - Analytics
IppSec
HackTheBox - October
IppSec
HackTheBox - Arctic
IppSec
HackTheBox - Brainfuck
IppSec
HackTheBox - Bank
IppSec
HackTheBox - Joker
IppSec
HackTheBox - Lazy
IppSec
Camp CTF 2015 - Bitterman
IppSec
HackTheBox - Devel
IppSec
Reversing Malicious Office Document (Macro) Emotet(?)
IppSec
HackTheBox - Granny and Grandpa
IppSec
HackTheBox - Pivoting Update: Granny and Grandpa
IppSec
HackTheBox - Optimum
IppSec
HackTheBox - Charon
IppSec
HackTheBox - Sneaky
IppSec
HackTheBox - Holiday
IppSec
HackTheBox - Europa
IppSec
Introduction to tmux
IppSec
HackTheBox - Blocky
IppSec
HackTheBox - Nineveh
IppSec
HackTheBox - Jail
IppSec
HackTheBox - Blue
IppSec
HackTheBox - Calamity
IppSec
HackTheBox - Shrek
IppSec
HackTheBox - Mirai
IppSec
HackTheBox - Shocker
IppSec
HackTheBox - Mantis
IppSec
HackTheBox - Node
IppSec
HackTheBox - Kotarak
IppSec
HackTheBox - Enterprise
IppSec
HackTheBox - Sense
IppSec
HackTheBox - Minion
IppSec
VulnHub - Sokar
IppSec
VulnHub - Pinkys Palace v2
IppSec
HackTheBox - Inception
IppSec
Vulnhub - Trollcave 1.2
IppSec
HackTheBox - Ariekei
IppSec
HackTheBox - Flux Capacitor
IppSec
HackTheBox - Jeeves
IppSec
HackTheBox - Tally
IppSec
HackTheBox - CrimeStoppers
IppSec
HackTheBox - Fulcrum
IppSec
HackTheBox - Chatterbox
IppSec
HackTheBox - Falafel
IppSec
How To Create Empire Modules
IppSec
HackTheBox - Nightmare
IppSec
HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions
IppSec
HackTheBox - Bart
IppSec
HackTheBox - Aragog
IppSec
HackTheBox - Valentine
IppSec
HackTheBox - Silo
IppSec
HackTheBox - Rabbit
IppSec
HackTheBox - Celestial
IppSec
HackTheBox - Stratosphere
IppSec
HackTheBox - Poison
IppSec
HackTheBox - Canape
IppSec
HackTheBox - Olympus
IppSec
HackTheBox - Sunday
IppSec
HackTheBox - Fighter
IppSec
HackTheBox - Bounty
IppSec
More on: Security Basics
View skill →Related Reads
📰
📰
📰
📰
Top 10 Cybersecurity Jobs That AI Cannot Replace: The Human-in-the-Loop Roadmap
Dev.to · Shweta Pathak
HackTheBox: Manage Writeup
Dev.to · Yogeshwar Peela
How to Secure a VPS: The Complete Ubuntu Hardening Guide
Dev.to · Wade Thomas
OSS Never Solved Security. It Solved Responsibility.
Medium · Cybersecurity
Chapters (10)
Introduction
0:52
Start of nmap, look at 404 errors to discover it is flask
3:30
Logged into the application, uploading an XML and XSLT to look at the converte
5:45
Attempting to use XXE to get File Disclosure, which doesn't work
9:10
Discovering the source code to the web application is on the about page, runni
13:20
Exploiting the Path Traversal vulnerability, due to putting user data in os.pa
16:25
Looking at documentation of the webapp, shows there is a cron executing python
20:28
Showing the XSLT Injection to write files to the server
30:55
Can run NeedRestart with sudo, which is a GTFOBin, looking at sudoers file it
33:00
Exploiting CVE-2024-48990 which is a vulnerability against NeedRestart below v
🎓
Tutor Explanation
DeepCamp AI