HackTheBox - LinkVortex

Name: HackTheBox - LinkVortex
Uploaded: 2025-04-12T15:00:46Z
Channel: IppSec
Description: 00:00 - Introduction 01:00 - Start of nmap 03:00 - Discovering the Forgot Password lets us enumerate valid emails 04:00 - Using ffuf to enumerate subdom...

IppSec · Beginner ·🔐 Cybersecurity ·11mo ago

00:00 - Introduction 01:00 - Start of nmap 03:00 - Discovering the Forgot Password lets us enumerate valid emails 04:00 - Using ffuf to enumerate subdomains via virtual host 06:55 - Discovering .git on the dev subdomain, using git-dumper to download the repo 08:20 - Discovering cached files in the .git, one of which has a credential 10:08 - Logged into Ghost, finding the version which shows its vulnerable to CVE-2023-40028 12:20 - Manually performing the Ghost File Disclosure exploit 15:00 - Using the public exploit script to leak the ghost config which gives us an SSH Credential 18:15 - Going…

Watch on YouTube ↗ (saves to browser)

Chapters (13)

Introduction

1:00 Start of nmap

3:00 Discovering the Forgot Password lets us enumerate valid emails

4:00 Using ffuf to enumerate subdomains via virtual host

6:55 Discovering .git on the dev subdomain, using git-dumper to download the repo

8:20 Discovering cached files in the .git, one of which has a credential

10:08 Logged into Ghost, finding the version which shows its vulnerable to CVE-2023-

12:20 Manually performing the Ghost File Disclosure exploit

15:00 Using the public exploit script to leak the ghost config which gives us an SSH

18:15 Going over the clean_symlink.h script we can run with sudo, which is vulnerabl

19:40 Showing the Command Injection vulnerability, because of how the script did the

20:20 Showing we can bypass the filter by pointing a symlink to another symlink

26:10 Showing the race condition, where we can change the contents of the symlink af

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →