Official Topology Discussion

Are you able to read the file, which they’ve been mentioning on this forum? I’m just able to read one line on /etc/… other than that no luck

one line is enough; do you know exactly which file you’re supposed to read?

Nope. If you could give any hint that would be great. Thanks.

Yea, I’m also in need of a hint of that file that’s being mentioned a couple times

you need to find subdomains, and once you’ve done that, you’ll immediately understand which file you need to read

1 Like

I would also like a hint to which file everyone is talking about, i’ve enumerated about 600k subdomains, what am I missing ? Can anyone please DM ?

It’s surprising, subdomain is a very common name; how did you search it ?

I used gobuster and SecLists, started with the top 5000, 20000, then ended up using a 600k subdomain wordlist, just found the latex one…

had the same problem with gobuster, used wfuzz instead. this worked, you just need the 5k one.

got it, thanks !

1 Like

i can read one line of some files like the /etc/passwd, /proc/self/attr/current, but i can’t read the environ one ? i have a feeling that i should write a revshell to a file but i can’t, also i have found the subdomain requesting the thing but i don’t know if the file you guys are referring to have the answer for this and if so how am i supposed to know it’s path and name? oh and i also found another subdomain that look useless

Hey, I’m stuck in the same thing. Could you give me a hint on encoding? I guess is using b64
Thanks in advance!

If you got right to the injection, think about enumerate a little bit more.
if you can only read one line, think what kind of file have sensitive info on the first line.

Annoying machine XD

guys shouldn’t it be smth like \c******`$=11 ? this is driving me crazy :sweat_smile:

Shouldn’t you go back to the actual mode after reading?

i tried \c******`$=12 but couldnt get it to work

same

Tip for user: not sure if the intended way, but instead of fighting the special character, you can use the same bypass technique to write a small interpreter on the server and use that to poke around the filesystem.

Hope it helps!

I don’t know why latex.topology.htb/equation.php throws Server Not Found. Any Idea why? edit my /etc/hosts with the corresponding IP.

You need to add subdomains to the hosts file as well. they can be on the same line like an alias

x.x.x.x bar fu.bar