HackTheBox - Investigation

00:00 - Introduction
01:00 - Start of nmap
02:00 - Start of gobuster
04:00 - Discovering an upload form, looking for where things get uploaded
05:50 - The upload gives us ExifTool output, including the version number to show it is vulnerable to CVE-2022-23935
08:11 - You should really watch "The Perl Jam"
08:40 - Showing the weird syntax of perl's file open and how | leads to RCE
16:15 - Back to the box, exploiting and getitng a shell …

back box cve discover exiftool exploiting files gobuster hackthebox introduction investigation nmap perl rce reverse reverse shell shell start things version vulnerable watch weird