@daks39 said:
I am also struggling to get the credentials for the /c******* . I tried many different ways, such as trying to guess, default credentials, brute-forcing with different wordlists and common usernames, and I also wrote a Python script to bypass the CSRF protection, in case this was the problem, but with no luck either… There is a password that, no matter the username, gives you a different response (403), but it isn’t helpful because you can’t use/access the required URLs for the public exploit… I really don’t know what else I should do…
Look at the documentation for AuthN. Once you understand how to talk to that, it’s a 1-5 line script (depending on your language of choice), no CSRF token needed. I would bet lots of money that you’ve already used the right wordlist, so re-evaluate the script you wrote
Anyone want to hint me what to do to / with the script. I have what appear to be valid creds, but the script falls over trying to get a P… token
Trying to follow the links in the CVE write-up gets me blank pages or a BAD REQUEST response, so I’m struggling to see a way forward as I get no responses to commands to know where to dig more.
Thanks in advance
I am exactly at the same point. The error mentions a “list index out of range”.
Since the creator of the box was the one who found the zero day and wrote the CVE, I think he probably (maybe?) made it to where the script he wrote isn’t supposed to work. It probably could with some heavy editing but, as I was hinted at, just read the script line-by-line, understand what it does step by step and try to reproduce that in the w** A** a**** p****.
I have tried rewriting this exploit, and it simply isn’t working. I’ve also tried to exploit manually, but I’m continually getting 403s once I put a space in the input field. I’ve encoded the space and same thing. This is frustrating…
Facing the same issue. Were you able to resolve it?
PP
Try to read the script and look for hardcoded array/list accesses. Printing the intermediate outputs also helps
I am stuck trying to modify the exploit. I successfully connected, but I still can’t launch a reverse shell. I tried with mknod and other solutions without e argument, but without success. Can anyone give me a hint on how to achieve that?
Anyone know why I get false positives trying to brute force pass for c******* login page? Hung up on getting creds here. PM if you can nudge me in the right direction
Rooted. Thanks @redshift for helping with the payload.
Thanks @greenpanda999 for explaining the API.
Thanks @amra13579 for giving me the shell inspiration.
Thanks @beorn for the final nudge on root.
Yes. It takes 4 to help me get over this box (shows how noob I am), but do PM me if you need help.
Am I the only one not following the teacher and verb hints… I have all the pages mentioned above, tried multiple HTTP methods. Used burp to assess the auth etc.
Made it to w**-d*** and a reverse shell with the help (and not so subtle “hint”) from @harshallakare. @beorn was also a great help. Now, I guess it’s onto enumeration and privesc!