Join me as I take down Book! This box had some stability issues, but was a great introduction to LFI via XSS on dynamic PDFs. Combining that with SQL truncation, we’ll gain foothold and use the Logrotten exploit to get a root shell.
#HackTheBox #HTB #Book #BridgingTheGap
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
Come follow along as I tackle ForwardSlash from HackTheBox. There are a variety of chained items to get a foothold; from Virtual Host enumeration to File Inclusion vulnerabilities. From there, getting root required bypassing a custom time-sync’d backup program and decrypting the final password with a custom Python encryption script. With some LUKS encryption and mounting a backup, the whole box was a challenge from start to finish!
#HackTheBox #HTB #ForwardSlash #BridgingTheGap