Official Topology Discussion

itghost · June 17, 2023, 10:05am

Are you able to read the file, which they’ve been mentioning on this forum? I’m just able to read one line on /etc/… other than that no luck

cromiphi · June 17, 2023, 10:44am

one line is enough; do you know exactly which file you’re supposed to read?

itghost · June 17, 2023, 11:27am

Nope. If you could give any hint that would be great. Thanks.

d3c4d3 · June 17, 2023, 11:29am

Yea, I’m also in need of a hint of that file that’s being mentioned a couple times

cromiphi · June 17, 2023, 11:32am

you need to find subdomains, and once you’ve done that, you’ll immediately understand which file you need to read

JohnnYN · June 17, 2023, 2:42pm

I would also like a hint to which file everyone is talking about, i’ve enumerated about 600k subdomains, what am I missing ? Can anyone please DM ?

cromiphi · June 17, 2023, 3:23pm

It’s surprising, subdomain is a very common name; how did you search it ?

JohnnYN · June 17, 2023, 3:28pm

I used gobuster and SecLists, started with the top 5000, 20000, then ended up using a 600k subdomain wordlist, just found the latex one…

alic3 · June 17, 2023, 3:33pm

had the same problem with gobuster, used wfuzz instead. this worked, you just need the 5k one.

JohnnYN · June 17, 2023, 3:48pm

got it, thanks !

CREED404 · June 17, 2023, 11:12pm

i can read one line of some files like the /etc/passwd, /proc/self/attr/current, but i can’t read the environ one ? i have a feeling that i should write a revshell to a file but i can’t, also i have found the subdomain requesting the thing but i don’t know if the file you guys are referring to have the answer for this and if so how am i supposed to know it’s path and name? oh and i also found another subdomain that look useless

dugonz · June 18, 2023, 12:13am

Hey, I’m stuck in the same thing. Could you give me a hint on encoding? I guess is using b64
Thanks in advance!

mrpunkyx · June 18, 2023, 1:42am

If you got right to the injection, think about enumerate a little bit more.
if you can only read one line, think what kind of file have sensitive info on the first line.

Annoying machine XD

CREED404 · June 18, 2023, 5:26pm

guys shouldn’t it be smth like \c******`$=11 ? this is driving me crazy

Fr13mel · June 18, 2023, 8:27pm

Shouldn’t you go back to the actual mode after reading?

guruprk · June 20, 2023, 1:31am

i tried \c******`$=12 but couldnt get it to work

shroomies · June 21, 2023, 12:44am

same

mrpunkyx · June 21, 2023, 11:46pm

Tip for user: not sure if the intended way, but instead of fighting the special character, you can use the same bypass technique to write a small interpreter on the server and use that to poke around the filesystem.

Hope it helps!

duckman42 · June 23, 2023, 12:23am

I don’t know why latex.topology.htb/equation.php throws Server Not Found. Any Idea why? edit my /etc/hosts with the corresponding IP.

nytaros · June 23, 2023, 5:43am

You need to add subdomains to the hosts file as well. they can be on the same line like an alias

x.x.x.x bar fu.bar

Topic		Replies	Views
Official Moderators Discussion Machines	12	2479	October 17, 2022
Official Driver Discussion Machines	72	9628	May 5, 2022
Official Pov Discussion Machines	59	3391	May 20, 2024
Official Perfection Discussion Machines	39	7159	July 18, 2024
Official TheNotebook Discussion Machines	172	20648	July 26, 2021

Official Topology Discussion

Related topics