Swagshop RCE

Hi, I don't know if this is the right place to do this, but I am stuck with the SwagShop machine. I try to make the RCE work but the script keeps giving me this error:

Traceback (most recent call last):
File "37811.py", line 56, in
br['login[username]'] = username
File "/usr/lib/python2.7/dist-packages/mechanize/_mechanize.py", line 796, in setitem
self.form[name] = val
File "/usr/lib/python2.7/dist-packages/mechanize/_form_controls.py", line 1963, in setitem
control = self.find_control(name)
File "/usr/lib/python2.7/dist-packages/mechanize/_form_controls.py", line 2355, in find_control
return self._find_control(name, type, kind, id, label, predicate, nr)
File "/usr/lib/python2.7/dist-packages/mechanize/_form_controls.py", line 2446, in _find_control
description)
mechanize._form_controls.AmbiguityError: more than one control matching name 'login[username]'

If you have any idea how this might be happing I would love to hear from you,

Thanks in advance

Tagged:

Comments

  • Look at the machine's URL formatting a bit more, you have to modify the script

    Hack The Box
    If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )

  • edited October 12

    @clubby789 said:

    Look at the machine's URL formatting a bit more, you have to modify the script

    Please actually read the post and the error rather than just giving the canned response based on the writeup. This error is not encountered in the writeup or Ippsec video. I get the error too; it's happening when Mechanize tries to log in, rather than when it tries to send the payload, which is the error the modification in the writeup fixes.

    This error results because for whatever reason, Mechanize is seeing multiple username/password fields. The index parameter must be used to select the correct one. Comment out the following in the script:

    #br.form.new_control('text', 'login[username]', {'value': username})  # Had to manually add username control.
    #br.form.fixup()
    #br['login[username]'] = username
    #br['login[password]'] = password
    

    And replace it with this:

    userone = br.find_control(name="login[username]", nr=0)
    userone.value = username
    pwone = br.find_control(name="login[password]", nr=0)
    pwone.value = password
    

    This should fix the issue and allow Mechanize to log in. Note that more modification to the script will be required per the Ippsec video and official write-up.

Sign In to comment.