Celestial (and the things that don't work out...)

Hi guys! I’m probably going crazy with the Celestial machine because things are not working out and I can’t understand the reason why! I’ve found THAT service on THAT port and I’m trying to hack that with the cookie, burp, and nc, you know… But once I’ve injected the shell, netcat doesn’t establish any listener connection! It’s really strange because I’ve followed the right article that explains how to exploit that bug and I’m not figuring out why.

Try executing simple commands before obtaining a shell.

Hi!
@83114C140 I am in the same situation as you.
@ronny I’m trying to run simple commands by modifying the cookie but I cannot. Should we use “rce” or “run” or other things in the cookie to get the result of the “ls” command?
A hint to put me on the right track would be welcome!

Thx in advance.

I tried slightly different codes for creating the reverse shell - and one version was more stable than the others even though the method of making the connection was exactly the same. With other versions I saw: sometimes connected, sometimes not, sometimes connected but disconnected again immediately. I think the good code does something right related to error handling and re-connections.

The version I finally used (when I rooted successfully) was the one linked in that infamous article (or what I believe is this article). But I did not use the other code from this article - I started from more general resources about exploiting such bugs in the underlying language, not necessarily in that framework. Happy to discuss details over PM to compare solutions.

@kekra said:
Happy to discuss details over PM to compare solutions.

Sorry - that sounded much more spoilery than I intended. I don’t want to compare complete solutions of course - just hints about what makes a reverse shell stable or not, in general. It’s also because I wonder if the pattern I seemingly saw (good shells vs. bad shells) was just arbitrary and due to the instability of the box and frequent resets.