Topology | HTB Walkthrough

Let’s connect to OpenVPN using the command in the Linux terminal after downloading it.

sudo openvpn {vpn_file}

Upon connecting, perform an nmap scan to search for open ports, their versions, and more details using:

nmap -sV -A -T4 10.10.11.227

Access the IP machine to ensure online accessibility while waiting for the nmap scan results.

Next, explore for additional information. While scrolling, discover the "LaTex Equation Generator." If the website is inaccessible, consider modifying the host file located at "/etc/hosts" using a command like "nano /etc/hosts." Insert the IP address of the machine and the problematic link, for instance:

10.10.11.217 latex.topology.htb

We may open the IP machine and see if it can be accessible online while we wait for the results of the nmap scan procedure.

Proceed by conducting searches on google using keywords such as "Latex Exploit" or "Latex Injection."

Experiment with various scripts within the blue-block-containing image to identify an appropriate payload. On the "latex.topology.htb" website, input the following:

script$\lstinputlisting{/var/www/dev/.htpasswd}$

The outcome is displayed below:

Click "generate," and capture the outcome as seen above into a .txt file. Utilize the Linux terminal's john function to determine the password result.

Once the password is found, use SSH (port 22 is open according to the nmap scan) with the command:

ssh vdaisley@10.10.11.217

Post successful access, find the intended target. As a means to monitor server activities, download the 'pspy64' utility.

Transmit this file to the SSH server after downloading completes. Create a webpage on the Linux computer using:

python3 -m http.server

Download the 'pspy64' file onto the SSH server computer. Execute './pspy64' and use 'chmod +x pspy64' to locate the 'gnuplot' directory file.

Found the flag!