writeup - Security Research Blog

HackTheBox

HTB Topology: LaTeX Injection to Root

The HackTheBox Topology machine is an easy-rated Linux box that chains together classic web enumeration, a LaTeX injection vulnerability, credential cracking with John the Ripper, and a gnuplot + cron privilege escalation path.

HackTheBox

HTB GreenHorn Writeup: Pluck CMS 4.7.18 RCE to Root

GreenHorn is an easy-rated Linux box on HackTheBox. This writeup covers Pluck CMS 4.7.18 RCE via Gitea credential leakage, lateral movement through password reuse, and root privilege escalation by depixelizing a blurred PDF password.

Articles

HTB Topology: LaTeX Injection to Root

HTB GreenHorn Writeup: Pluck CMS 4.7.18 RCE to Root