> Use packet capture tools to see what is happening when you send data to the server. There is a reason why it doesn’t work. Understand what the exploit is actually doing. Review the code to see what steps it is performing. Once you get it, you won’t need to run the exploit anyway. You could script something that works 10x better.
This is confusing, I get the CVE code needs “fixed” based on the comments, but as best I can tell, from walking through it with burp or just manually typing everything in the GUI, the script is fine, it’s a server side setting that’s preventing the payload, which can be replicated by just copying and pasting the payload in the GUI, you get the same error (based on the characters). Unless I’m missing something. I don’t see how you would script something 10x better, it’s just posting the same data you could enter in manually. I can’t figure out how to get anything to just work, even something simple like ping, which makes troubleshooting difficult.
What I don’t get, is how you kick it off if you use the GUI. I get the post to that special page in the CVE script, but I can’t find that in the GUI.
I am stuck at w**-d***, I already did enumeration and tried some exploits. Some people mentioned that it should immediately catch one's eye what to exploit.
Rooted.
USER: do not rely on the exploit, write your own tools and combine with exploit
ROOT: it's pretty easy, just look around, no need to enumerate
Thx @Y3llowMustang @rholas
PM if you're stuck.
To clarify, I mean for anyone who is only firing off the exploit and sitting back and it’s failing - a good place to start would be to capture the traffic and analyse the responses back to see at what specific point it’s failing. Then focus on that specific part of the exploit only and get that working first. Without a capture it might be hard to discern at what point it fails because if you are using the exploit on EDB - it won’t tell you what is happening and at what point - it will simply echo success even if this isn’t the case, hence you could script something that works 10x better by at least providing you feedback on the server responses as you supply different payloads.
As far as I could tell, there is no direct link to that in the GUI, for that I just mocked up the request in BS and sent it to repeater. That at least only requires session ID and no token which makes life a little easier. You should see feedback in the server response for that if you run a command that provides output if that’s helpful. If you are seeing no feedback from commands (and you are sure the command updated correctly by checking the GUI), then there must be a syntax error, sometimes I forgot the character at the end of the payload from EDB which caused the execution to fail.
Rooted… thanks to @PanamaEd117 & @NikolaITA for keeping me on the write path…lol and showing me the way.
Initial: I went through every tool and wordlist, before I said f it and used my trusty friend Google, he/she was a CREDible pal
There’s a hint on page 7 that turned it around for me after I logged on, it's an oblique hint and it smells fishy to me
User/Root: after much researching and plenty of tea sessions with Bugs Bunny all it took was a nudge, and the rest is history
Learned quite a bit these last couple of boxes thanks to the authors and some solid peeps on here for that.
But I won't be completely satisfied until I can pop a box manually 100% and on my own, then will I know I belong
I am pretty much a noob here I guess, so if there is someone who can help me rooting this machine just PM me.
Till now I have only discovered m*********, a*.php, p****.php using d**b.
Tried ZAP, gobuster, dirb, dirbuster gui, sparta, not able to find anything other than the basic 3 dirsearch.py finds. Added extensions to dump all types of request verbiage. nada. Could use some help here…
Use the most common tool to intercept requests and then look at the responses of the directories you have found.
^^^^ that right there got me the /c********* directory, ugh finally!!! Thank you @3322kr!!