Python Debugging [Chemistry - HackTheBox]

In Chemistry from HackTheBox, I am able to expliot a deserialization vulenrability in pymatgen to get RCE. My Bash reverse shell was acting a bit odd, and in this video, I'll show the process to figure out what was happening, adding breakpoints to debug live on HTB.

Full Chemistry solution: https://0xdf.gitlab.io/2025/03/08/htb-chemistry.html
IppSec's Chemistry video: https://www.youtube.com/watch?v=OH00LkpHyLk
Bash reverse shell explainer: https://www.youtube.com/watch?v=OjkVep2EIlw

☕ Buy Me A Coffee: https://www.buymeacoffee.com/0xdf

[00:00] Introduction
[01:30] Conundrum overview
[03:33] Getting Flask running debuggable
[06:36] Adding breakpoint in library
[07:57] Debugging broken payload
[09:26] Showing source of added *
[12:23] Why does /bin/bash work?
[14:17] Conclusion

#HackTheBox #ctf #python #debug #flask

Скачать видео