Topology – HackTheBox -Writeup

Machine Name: Topology
Difficulty: Easy


Topology is an easy machine which starts by exploiting LaTeX injection to read files on the server that contain password hashes. After cracking the password hash, it was possible to login via SSH and obtain the user flag. The privilege escalation consisted of enumerating for processes that are run by root. One of the processes being run by root executed “.plt” files in a particular folder to which the user had write permissions. Finally, it was a simple matter of looking up the documentation on running OS commands for that particular extension and use it to gain a shell as root.

Read More