HackTheBox - Previous

IppSec · Beginner ·🔐 Cybersecurity ·4mo ago

00:00 - Introduction 01:00 - Start of nmap 03:44 - Wappalyzer detects NextJS and shows the version, looking at CVE's 07:20 - Looking at the nextjs middleware vulnerability (CVE-2025-29927) 09:50 - Our nuclei scan didn't detect it, looking at templates, it should but needs the headless flag 12:20 - Adding the x-middleware-subrequest to our request to bypass auth 15:05 - Setting BurpSuite to add a header, so we don't have to manually add the middleware to our request 17:20 - Discovering a File Disclosure in the examples 19:20 - Building a skeleton project to find configs, grabbing package.json then using npm build 24:15 - Finding credentials in the nextauth, getting credentials and then logging in with SSH 25:45 - We can run a specific terraform command with sudo, env_reset is not enabled but we can't edit path 29:30 - Declaring source_file in our environment, which then will use it in the script. Using SymLink to read unintended files 34:15 - Doing the same thing with source_file but changing the symlink to be the file we write, to have an elevated file write vuln 37:15 - Editing the terraform config to change the terraform provider and get RCE

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

Related AI Lessons

Stop trusting your agent skills with vibes. Eliminate the context security risk.

Learn to eliminate context security risks by using specific tools to audit package installations, rather than relying on intuition

Dev.to · Tessl

Investigating a Command Injection Attack — SOC168: Whoami Command Detected in Request Body |…

Learn to investigate Command Injection attacks using a real-world example on the LetsDefend SOC platform

Medium · Cybersecurity

Learn to analyze nmap scan results to identify open ports and potential vulnerabilities in a system

Medium · Cybersecurity

Detecting Dangerous Shell Commands in Rust — Building a Safety Layer

Learn to detect dangerous shell commands in Rust and build a safety layer to prevent malicious activity

Dev.to · hiyoyo

Chapters (14)

Introduction

1:00 Start of nmap

3:44 Wappalyzer detects NextJS and shows the version, looking at CVE's

7:20 Looking at the nextjs middleware vulnerability (CVE-2025-29927)

9:50 Our nuclei scan didn't detect it, looking at templates, it should but needs th

12:20 Adding the x-middleware-subrequest to our request to bypass auth

15:05 Setting BurpSuite to add a header, so we don't have to manually add the middle

17:20 Discovering a File Disclosure in the examples

19:20 Building a skeleton project to find configs, grabbing package.json then using

24:15 Finding credentials in the nextauth, getting credentials and then logging in w

25:45 We can run a specific terraform command with sudo, env_reset is not enabled bu

29:30 Declaring source_file in our environment, which then will use it in the script

34:15 Doing the same thing with source_file but changing the symlink to be the file

37:15 Editing the terraform config to change the terraform provider and get RCE