@etsandy said:
Anyone able to PM on where I may be going wrong here with response to my payload:
SyntaxError: Unexpected token
at Object.parse (native)
at Object.exports.unserialize (/home/sun/node_modules/node-serialize/lib/serialize.js:62:16)
at /home/sun/server.js:11:24
at Layer.handle [as handle_request] (/home/sun/node_modules/express/lib/router/layer.js:95:5)
at next (/home/sun/node_modules/express/lib/router/route.js:137:13)
at Route.dispatch (/home/sun/node_modules/express/lib/router/route.js:112:3)
at Layer.handle [as handle_request] (/home/sun/node_modules/express/lib/router/layer.js:95:5)
at /home/sun/node_modules/express/lib/router/index.js:281:22
at Function.process_params (/home/sun/node_modules/express/lib/router/index.js:335:12)
at next (/home/sun/node_modules/express/lib/router/index.js:275:10)
Well, I can’t seem to get the payload running. I send the request after encoding it accordingly but nc doesn’t receive the connection, I tried using a couple different payloads and none seems to be working, does anyone know if it’s a problem with nc or if I’m missing something? A PM would be highly appreciated, this is getting frustrating.
Got user but completely stuck on privesc. Very new to this and have no idea how to go about it. A slight nudge in the right direction would be super helpful if anyone is wiling.
Thank you
Ok so i found the 2 useful files and worked out their timings (don’t think thats a spoiler) but there are people editing them as i do and im not sure if im trying to type the wrong command or they are if someone could just help advice on what the correct command is so i know my fighting isnt futile that’d be great.
Nvm literally just got it right after adding that if anyone needs help just dm me
Can anyone pm me on this I am seriously so frustrated at this and am stuck just getting the payload to run so I can get a shell. As soon as I get a shell root will be easy but for some reason this is killing me. +Rep if you can lend a hand !
Having issues with your exploit? (Shoutout to Baud for the help with this)
Check the closing brackets, make sure the syntax makes sense, having too many bad characters will give you an error.
Not getting a shell?
If the page responds with a new line, but you still dont have a shell, double check your listener is on the right port and matches your exploit.
You will want to punch yourself if you don’t.
Still trying to get better at Burp, I know this is an old box but my serialized payload is returning back the same user error that a lot of others complained about. Still getting a 200 back but nothing on the listener side. Any PM nudges, greatly appreciated.
Hello, I am following the article and i have generated the excact same payload as in the article. But when i send it in place of the snickerdoodle i am getting a bunch of syntax errors in the response, any ideas?