To get to root, I’ll exploit a cron running gnuplot. htpassword file for a dev site, which has a shared password with a user on the box.
I’ll exploit an injection to get file read, and get the. One has a utility for turning LaTeX text into an image.
Topology starts with a website for a Math department at a university with multiple virtual hosts. Htb-topology ctf hackthebox nmap ubuntu feroxbuster ffuf subdomain latex pdftex file-read htaccess htpasswd hashcat gnuplot filter bypass