HackTheBox - LinkVortex

IppSec · Beginner ·🔐 Cybersecurity ·1y ago

Key Takeaways

Exploits Forgot Password to enumerate valid emails and uses ffuf to enumerate subdomains in LinkVortex

Original Description

00:00 - Introduction 01:00 - Start of nmap 03:00 - Discovering the Forgot Password lets us enumerate valid emails 04:00 - Using ffuf to enumerate subdomains via virtual host 06:55 - Discovering .git on the dev subdomain, using git-dumper to download the repo 08:20 - Discovering cached files in the .git, one of which has a credential 10:08 - Logged into Ghost, finding the version which shows its vulnerable to CVE-2023-40028 12:20 - Manually performing the Ghost File Disclosure exploit 15:00 - Using the public exploit script to leak the ghost config which gives us an SSH Credential 18:15 - Going over the clean_symlink.h script we can run with sudo, which is vulnerable 3 different ways 19:40 - Showing the Command Injection vulnerability, because of how the script did the if/then logic in bash 20:20 - Showing we can bypass the filter by pointing a symlink to another symlink 26:10 - Showing the race condition, where we can change the contents of the symlink after it checks if it is malicious

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

Related AI Lessons

Security Belongs on the Blueprint

Integrate security into building design to mitigate physical and cyber risks

Medium · Cybersecurity

# A 4-Line HTML File Stole the Admin’s Secret — Intigriti LeakyJar CTF Writeup

Learn how a 4-line HTML file exploited a CSRF vulnerability to steal an admin's secret in the Intigriti LeakyJar CTF challenge

Medium · Cybersecurity

The Digital Gateway to Arabic Cybersecurity

Learn about the importance of language-specific cybersecurity solutions, particularly for Arabic-speaking regions, and how they can enhance digital security

Medium · Cybersecurity

Cybersecurity vs Cloud Computing – Which Career Will Dominate 2026? ☁️

Learn which IT career, cybersecurity or cloud computing, will dominate in 2026 and why it matters for your career choices

Medium · Cybersecurity

Chapters (13)

Introduction

1:00 Start of nmap

3:00 Discovering the Forgot Password lets us enumerate valid emails

4:00 Using ffuf to enumerate subdomains via virtual host

6:55 Discovering .git on the dev subdomain, using git-dumper to download the repo

8:20 Discovering cached files in the .git, one of which has a credential

10:08 Logged into Ghost, finding the version which shows its vulnerable to CVE-2023-

12:20 Manually performing the Ghost File Disclosure exploit

15:00 Using the public exploit script to leak the ghost config which gives us an SSH

18:15 Going over the clean_symlink.h script we can run with sudo, which is vulnerabl

19:40 Showing the Command Injection vulnerability, because of how the script did the

20:20 Showing we can bypass the filter by pointing a symlink to another symlink

26:10 Showing the race condition, where we can change the contents of the symlink af

You Think Your Card Declined by Mistake? It Might Be a 2026 Scam

Tolulope Michael