HackTheBox - Previous

Name: HackTheBox - Previous
Uploaded: 2026-01-10T15:01:04Z
Channel: IppSec
Description: 00:00 - Introduction 01:00 - Start of nmap 03:44 - Wappalyzer detects NextJS and shows the version, looking at CVE's 07:20 - Looking at the nextjs middl...

IppSec · Beginner ·🔐 Cybersecurity ·2mo ago

00:00 - Introduction 01:00 - Start of nmap 03:44 - Wappalyzer detects NextJS and shows the version, looking at CVE's 07:20 - Looking at the nextjs middleware vulnerability (CVE-2025-29927) 09:50 - Our nuclei scan didn't detect it, looking at templates, it should but needs the headless flag 12:20 - Adding the x-middleware-subrequest to our request to bypass auth 15:05 - Setting BurpSuite to add a header, so we don't have to manually add the middleware to our request 17:20 - Discovering a File Disclosure in the examples 19:20 - Building a skeleton project to find configs, grabbing package.json t…

Watch on YouTube ↗ (saves to browser)

Chapters (14)

Introduction

1:00 Start of nmap

3:44 Wappalyzer detects NextJS and shows the version, looking at CVE's

7:20 Looking at the nextjs middleware vulnerability (CVE-2025-29927)

9:50 Our nuclei scan didn't detect it, looking at templates, it should but needs th

12:20 Adding the x-middleware-subrequest to our request to bypass auth

15:05 Setting BurpSuite to add a header, so we don't have to manually add the middle

17:20 Discovering a File Disclosure in the examples

19:20 Building a skeleton project to find configs, grabbing package.json then using

24:15 Finding credentials in the nextauth, getting credentials and then logging in w

25:45 We can run a specific terraform command with sudo, env_reset is not enabled bu

29:30 Declaring source_file in our environment, which then will use it in the script

34:15 Doing the same thing with source_file but changing the symlink to be the file

37:15 Editing the terraform config to change the terraform provider and get RCE

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →