HackTheBox - Conversor

IppSec · Beginner ·🔐 Cybersecurity ·3mo ago

Key Takeaways

The video demonstrates a cybersecurity challenge on HackTheBox's Conversor box, utilizing tools like nmap, XML, and XSLT to exploit vulnerabilities such as Path Traversal and XSLT Injection, ultimately leading to Remote Code Execution (RCE) and privilege escalation via CVE-2024-48990 and sudoers misconfiguration.

Original Description

00:00 - Introduction 00:52 - Start of nmap, look at 404 errors to discover it is flask 03:30 - Logged into the application, uploading an XML and XSLT to look at the converter 05:45 - Attempting to use XXE to get File Disclosure, which doesn't work 09:10 - Discovering the source code to the web application is on the about page, running it on localhost which makes it easier to identify why exploits fail 13:20 - Exploiting the Path Traversal vulnerability, due to putting user data in os.path.join(), this write files anywhere the webserver has permission to 16:25 - Looking at documentation of the webapp, shows there is a cron executing python scripts in /var/www/conversor/scripts, write a file there to get RCE 20:28 - Showing the XSLT Injection to write files to the server 30:55 - Can run NeedRestart with sudo, which is a GTFOBin, looking at sudoers file it shows how this was overlooked 33:00 - Exploiting CVE-2024-48990 which is a vulnerability against NeedRestart below version 3.7
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →
1 HHC2016 - Analytics
HHC2016 - Analytics
IppSec
2 HackTheBox - October
HackTheBox - October
IppSec
3 HackTheBox - Arctic
HackTheBox - Arctic
IppSec
4 HackTheBox - Brainfuck
HackTheBox - Brainfuck
IppSec
5 HackTheBox - Bank
HackTheBox - Bank
IppSec
6 HackTheBox - Joker
HackTheBox - Joker
IppSec
7 HackTheBox - Lazy
HackTheBox - Lazy
IppSec
8 Camp CTF 2015 - Bitterman
Camp CTF 2015 - Bitterman
IppSec
9 HackTheBox - Devel
HackTheBox - Devel
IppSec
10 Reversing Malicious Office Document (Macro) Emotet(?)
Reversing Malicious Office Document (Macro) Emotet(?)
IppSec
11 HackTheBox - Granny and Grandpa
HackTheBox - Granny and Grandpa
IppSec
12 HackTheBox - Pivoting Update: Granny and Grandpa
HackTheBox - Pivoting Update: Granny and Grandpa
IppSec
13 HackTheBox - Optimum
HackTheBox - Optimum
IppSec
14 HackTheBox - Charon
HackTheBox - Charon
IppSec
15 HackTheBox - Sneaky
HackTheBox - Sneaky
IppSec
16 HackTheBox - Holiday
HackTheBox - Holiday
IppSec
17 HackTheBox - Europa
HackTheBox - Europa
IppSec
18 Introduction to tmux
Introduction to tmux
IppSec
19 HackTheBox - Blocky
HackTheBox - Blocky
IppSec
20 HackTheBox - Nineveh
HackTheBox - Nineveh
IppSec
21 HackTheBox - Jail
HackTheBox - Jail
IppSec
22 HackTheBox - Blue
HackTheBox - Blue
IppSec
23 HackTheBox - Calamity
HackTheBox - Calamity
IppSec
24 HackTheBox - Shrek
HackTheBox - Shrek
IppSec
25 HackTheBox - Mirai
HackTheBox - Mirai
IppSec
26 HackTheBox - Shocker
HackTheBox - Shocker
IppSec
27 HackTheBox - Mantis
HackTheBox - Mantis
IppSec
28 HackTheBox - Node
HackTheBox - Node
IppSec
29 HackTheBox - Kotarak
HackTheBox - Kotarak
IppSec
30 HackTheBox - Enterprise
HackTheBox - Enterprise
IppSec
31 HackTheBox - Sense
HackTheBox - Sense
IppSec
32 HackTheBox - Minion
HackTheBox - Minion
IppSec
33 VulnHub - Sokar
VulnHub - Sokar
IppSec
34 VulnHub - Pinkys Palace v2
VulnHub - Pinkys Palace v2
IppSec
35 HackTheBox - Inception
HackTheBox - Inception
IppSec
36 Vulnhub - Trollcave 1.2
Vulnhub - Trollcave 1.2
IppSec
37 HackTheBox - Ariekei
HackTheBox - Ariekei
IppSec
38 HackTheBox - Flux Capacitor
HackTheBox - Flux Capacitor
IppSec
39 HackTheBox - Jeeves
HackTheBox - Jeeves
IppSec
40 HackTheBox - Tally
HackTheBox - Tally
IppSec
41 HackTheBox - CrimeStoppers
HackTheBox - CrimeStoppers
IppSec
42 HackTheBox - Fulcrum
HackTheBox - Fulcrum
IppSec
43 HackTheBox - Chatterbox
HackTheBox - Chatterbox
IppSec
44 HackTheBox - Falafel
HackTheBox - Falafel
IppSec
45 How To Create Empire Modules
How To Create Empire Modules
IppSec
46 HackTheBox - Nightmare
HackTheBox - Nightmare
IppSec
47 HackTheBox - Nightmarev2  - Speed Run/Unintended Solutions
HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions
IppSec
48 HackTheBox - Bart
HackTheBox - Bart
IppSec
49 HackTheBox -  Aragog
HackTheBox - Aragog
IppSec
50 HackTheBox - Valentine
HackTheBox - Valentine
IppSec
51 HackTheBox - Silo
HackTheBox - Silo
IppSec
52 HackTheBox - Rabbit
HackTheBox - Rabbit
IppSec
53 HackTheBox - Celestial
HackTheBox - Celestial
IppSec
54 HackTheBox - Stratosphere
HackTheBox - Stratosphere
IppSec
55 HackTheBox - Poison
HackTheBox - Poison
IppSec
56 HackTheBox - Canape
HackTheBox - Canape
IppSec
57 HackTheBox - Olympus
HackTheBox - Olympus
IppSec
58 HackTheBox - Sunday
HackTheBox - Sunday
IppSec
59 HackTheBox - Fighter
HackTheBox - Fighter
IppSec
60 HackTheBox - Bounty
HackTheBox - Bounty
IppSec

This video teaches viewers how to exploit vulnerabilities in a web application to gain Remote Code Execution (RCE) and escalate privileges, highlighting the importance of secure coding practices and vulnerability management. The lesson covers tools and techniques such as nmap, XML, and XSLT injection, as well as exploiting CVEs and misconfigured sudoers files. By following the steps outlined in the video, viewers can improve their skills in web application security and vulnerability exploitation

Key Takeaways
  1. Use nmap to scan for open ports and identify the web application framework
  2. Attempt to exploit XXE vulnerabilities
  3. Discover and exploit Path Traversal vulnerabilities
  4. Use XSLT Injection to write files to the server
  5. Exploit CVE-2024-48990 for privilege escalation
  6. Analyze sudoers files for misconfigurations
💡 Proper input validation and secure coding practices are crucial in preventing vulnerabilities such as Path Traversal and XSLT Injection, and regular updates and patch management can prevent exploitation of known vulnerabilities like CVE-2024-48990.

Related Reads

📰
Top 10 Cybersecurity Jobs That AI Cannot Replace: The Human-in-the-Loop Roadmap
Discover the top 10 cybersecurity jobs that AI cannot replace and learn how to future-proof your career in the human-in-the-loop roadmap
Dev.to · Shweta Pathak
📰
HackTheBox: Manage Writeup
Learn to exploit a Linux box with an exposed Java RMI / JMX service and gain root access
Dev.to · Yogeshwar Peela
📰
How to Secure a VPS: The Complete Ubuntu Hardening Guide
Secure your Ubuntu VPS by following a step-by-step hardening guide to protect against common attacks
Dev.to · Wade Thomas
📰
OSS Never Solved Security. It Solved Responsibility.
The open-source vs proprietary debate is about responsibility, not security, and regulations like the EU's Cyber Resilience Act highlight this shift
Medium · Cybersecurity

Chapters (10)

Introduction
0:52 Start of nmap, look at 404 errors to discover it is flask
3:30 Logged into the application, uploading an XML and XSLT to look at the converte
5:45 Attempting to use XXE to get File Disclosure, which doesn't work
9:10 Discovering the source code to the web application is on the about page, runni
13:20 Exploiting the Path Traversal vulnerability, due to putting user data in os.pa
16:25 Looking at documentation of the webapp, shows there is a cron executing python
20:28 Showing the XSLT Injection to write files to the server
30:55 Can run NeedRestart with sudo, which is a GTFOBin, looking at sudoers file it
33:00 Exploiting CVE-2024-48990 which is a vulnerability against NeedRestart below v
Up next
Surfshark Review — The Honest Pros, Cons and Final Verdict (2026)
Tutorial Stack
Watch →