@xenofon said:
hey guys i am in the middle of something really weird…i used a famous exploit for the box st***-*wn.py and gave a an error "ChunkedEncodingError Error: Making another request to the url."but when i am on the terminal of the pyCharm it’s working well,and i have rce at all the .action files…WHAT IS GOING ON???
It doesn’t really matter where you getting RCE from - your OS terminal or pyCharm terminal. If you got RCE, you have all you need to move forward.
its true that, and thanks for the reply but i was wondering why is this happening,anyway i found another exploit for this vulns and it’s working fine…i am trying to revershe shell now but nothing is happening…i dont know i will do more searching on the box
@xenofon said:
hey guys i am in the middle of something really weird…i used a famous exploit for the box st***-*wn.py and gave a an error "ChunkedEncodingError Error: Making another request to the url."but when i am on the terminal of the pyCharm it’s working well,and i have rce at all the .action files…WHAT IS GOING ON???
It doesn’t really matter where you getting RCE from - your OS terminal or pyCharm terminal. If you got RCE, you have all you need to move forward.
its true that, and thanks for the reply but i was wondering why is this happening,anyway i found another exploit for this vulns and it’s working fine…i am trying to revershe shell now but nothing is happening…i dont know i will do more searching on the box
As it was previously mentioned, you don’t need reverse shell if RCE is working. You are going to waste a lot of time trying to get reverse shell up and running.
Yea, super confused with the permissions on the file. If I follow the ‘old version’ method, I can’t still access the file(s). If hijack, I can’t do anything greater than user either - not sure if the whole snake area is pointless?
i cant understand, test owned by root, import hashlib, when we edit hashlib for an os command like “ls” we should ls root files but i got permission denied , if that, we need the last hash to call success.py which is in root dir
I’ve just completed it… with thanks to @r518 re-iterating what is already known! @waspy , by the sounds of it you are doing it right - just need to understand how to run it.
I am banging my head off the wall with this one. The RCE works, I can see the service and I can issue a connection request using the creds but everything else fails. I’ve tried creating scripts and uploading them but that errors out (as others have pointed out, I’ve even spent quite some time trying to get a reverse shell but to no avail).
If anyone is kind enough to PM with a nudge, it would be massively appreciated.
Keep digging, what else can you find and work with on the box to get more info and maybe even credentials if that file doesn’t work? Keep looking, or as they say here enumerate more.