Chaos - Hack The Box
Chaos starts with some enumeration to find a hidden wordpress site that contains a set of credentials for a webmail site. There’s some simple crypto we have to do to decrypt an attachment and find a hidden link on the site. We then exploit the PDF creation website which uses LaTeX and gain RCE. After getting a reverse shell, we do some digging into the user’s folders and find the webmin root credentials stored in the Firefox user profile.
wordpress weak credentials pdf LaTeX firefox saved credentials