HackTheBox - Conversor

Name: HackTheBox - Conversor
Uploaded: 2026-03-21T15:01:20+00:00
Channel: IppSec
Description: 00:00 - Introduction 00:52 - Start of nmap, look at 404 errors to discover it is flask 03:30 - Logged into the application, uploading an XML and XSLT to...

IppSec · Beginner ·🔐 Cybersecurity ·1w ago

00:00 - Introduction 00:52 - Start of nmap, look at 404 errors to discover it is flask 03:30 - Logged into the application, uploading an XML and XSLT to look at the converter 05:45 - Attempting to use XXE to get File Disclosure, which doesn't work 09:10 - Discovering the source code to the web application is on the about page, running it on localhost which makes it easier to identify why exploits fail 13:20 - Exploiting the Path Traversal vulnerability, due to putting user data in os.path.join(), this write files anywhere the webserver has permission to 16:25 - Looking at documentation of the …

Watch on YouTube ↗ (saves to browser)

Chapters (10)

Introduction

0:52 Start of nmap, look at 404 errors to discover it is flask

3:30 Logged into the application, uploading an XML and XSLT to look at the converte

5:45 Attempting to use XXE to get File Disclosure, which doesn't work

9:10 Discovering the source code to the web application is on the about page, runni

13:20 Exploiting the Path Traversal vulnerability, due to putting user data in os.pa

16:25 Looking at documentation of the webapp, shows there is a cron executing python

20:28 Showing the XSLT Injection to write files to the server

30:55 Can run NeedRestart with sudo, which is a GTFOBin, looking at sudoers file it

33:00 Exploiting CVE-2024-48990 which is a vulnerability against NeedRestart below v

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →