Wall

can anybody give me a hint on what to modify on my script . i got the cred but i cannot trigger the listener…

I’m Have w**** shell but I need advice for root :confused:

I found c******* login page but i’m unable to get the login credentials with hydra a little nudge would be appreciated

Someone could help me please? I know the cre for c******* and I found the exploit but it is not working! It says run succerssfully but I do not get a shell…someone could please help me out?

Thanks @Thr0yr for the nudge. I was down a rabbit hole! :slight_smile:

@beorn has been a great resource for help/hints but he hasn’t responded for ~8 hours and I’m still stuck at the ■■■■ web API. I tried the C** e****** written by the author but it doesn’t grant RCE as it’s supposed to. I get errors with the parser that I don’t know how to fix and just, blah. Again, totally new to all this (besides some web dev/Windows sysadmin experience). He suggested I try to gain RCE through the a**** p***** of the web API but I’m finding nothing and I’ve spent hours looking and tried a few things - only one of which I thought would actually allow me to connect remotely. Anyone available for some help?

Stuck with the c****** login.
brute forced a password but it says 403. and sometimes it logs in on its own, I have no idea how that is happening.
Any help would be appreciated

EDIT: nvm logged in. That was stupid of me.

Got root, and then user… is this intended? did i miss something?

Type your comment> @t4l0 said:

Got root, and then user… is this intended? did i miss something?

I think there is a path from user to root but I went from w**.d*** straight to root also. That seemed to be the path of least resistance.

Rooted.
Did someone tried to crack the .ht****** file? → maybe is that the path for w**-***** to user?

Hi please PM me for help with getting root or user. Got shell allready but I am stuck.

PLEASE PLEASE PLEASE When I try to exploit c****** manually, it says 403 forbidden. How can I bypass it? Please someone! I’m stuck for days :cry:

All, I am having trouble escaping particular characters when it comes to the cve script. I am new to this and haven’t dealt too much with escape characters. PM pls and I will show you what I have tried.

Hi, so this is my first machine, trying to get in for days. I tried all of the possible passwords and wrote custom bruteforcer in Python to handle anti-C***. Finally got password for ***, unfortunately it says Forbidden. RCE Exploit does not work, as I suppose it should receive 200 after authentication and not 403. Any hints how to overcome this one?
Ok, I know how to proceed further. Will try to use a
instead of regular traffic.

Frustrating… I can see NC receive a connection but I’m unable to issue any commands (at least I’m not able to see the output of them). Any ideas?

@daks39 said:
I am also struggling to get the credentials for the /c******* . I tried with many different ways such as try to guess, default credentials, bruteforcing with different wordlists and common usernames, and also I wrote a python script in order to bypass the CSRF protection, if this was the problem but with no luck either… There is a password that no matter the username, gives you a different response (403) but isn’t helpful because you can’t use-access the required url’s for the public exploit… I really don’t know what else should I do…

Look at the documentation for AuthN. Once you understand how to talk to that, it’s a 1-5 line script (depending on your language of choice), no CSRF token needed. I would bet lots of money that you’ve already used the right wordlist, so re-evaluate the script you wrote

Type your comment> @lunchboxrcl said:

Frustrating… I can see NC receive a connection but I’m unable to issue any commands (at least I’m not able to see the output of them). Any ideas?

Same here, have the connection back, but can’t interact with the shell?? Anyone?

Can someone help me with the script? I’m having an hard time even getting feedback for my actions…

Anyone want to hint me what to do to / with the script. I have what appear to be valid creds, but the script falls over trying to get a P… token

Trying to follow the links in the CVE write up gets me blank pages or a BAD REQUEST response, so I’m struggling to see a way forward as I get no responses to command to know where to dig more.

Thanks in advance

Type your comment> @GChester said:

Anyone want to hint me what to do to / with the script. I have what appear to be valid creds, but the script falls over trying to get a P… token

Trying to follow the links in the CVE write up gets me blank pages or a BAD REQUEST response, so I’m struggling to see a way forward as I get no responses to command to know where to dig more.

Thanks in advance

I am exactly at the same point. The error mentions a “list index out of range”.

PP