Remote

Finally rooted! So I understand there are two ways to root. I used u****c, what’s the other way?

I am dead in the water at the darn CVE. I just can’t seem to know what to change in the code to make it work. I got a**** pass and got access to the site, can upload js* manually, but can not make the script work. A nudge would be very helpful.

Can’t seem to run the PoC. After running the py file it just starts and ends without returning the shell. Tried changing a few things in the PoC but no luck. Please help.

I got creds for a****@h**.l****
Is it possible to get a shell using script 46***.py?

I need some help with the PoC… Anyone, please ping me.

@fcmunhoz said:

I got creds for a****@h**.l****
Is it possible to get a shell using script 46***.py?

yes
If you add a line of code, you can even get the user flag without any shell

You should change the script, guys.

Rooted after taking a couple days off.

Nice to learn some new stuff about nc.

@enigmaNL said:
Got SYSTEM (and user) :slight_smile:
I lost 1,5 days on solving an issue with my own compiled nc.exe, I wasn’t able to get a reverse shell until I realised I should just use the one that came with kali :cry:

Anyways, I learned a lot, thanks @mrb3n !

Hello @enigmaNL, I have found a****@h**.***** and did the exploit with 4****… But I didn’t get the idea for doing a reverse shell… I’m interested in what you say… “just use the one that came with kali”

Can I PM you? Still confused how to get the user…

Thank You!

Okie doke… I’m struggling hard.
I’ve got the login to the website… but where do I go from here? Any pointer would be helpful, I’m super new to this.

Alright I am super new to this site so I am not very experienced. I cannot get the R** to work correctly using the 4****.py. I have successfully used it to ping myself which I verified using tcpdump, but it is like no other command will work, let alone can I verify the file path that I uploaded onto the server. If anyone can direct me onto the right path please PM me.

I am in the same boat as xboxfreak54
Confirmed RCE with ping and got it to do web requests and download files but any more complicated scripts are no go. Not sure where it’s storing downloaded files and tried downloading and then executing by running exploit with command to just run but no joy yet.

Just rooted. Fun box and thanks to @ChefByzen for unblocking me where I’d run out of ideas, but without giving anything away.

Very interesting way to get user and pretty straightforward to get root once you have the information and know the technique.

@Meatex said:

I am in the same boat as xboxfreak54
Confirmed RCE with ping and got it to do web requests and download files but any more complicated scripts are no go. Not sure where it’s storing downloaded files and tried downloading and then executing by running exploit with command to just run but no joy yet.

I’m in the same boat as you, it downloaded a file… but god knows where it went… can’t seem to get it to run

I even tried to have it access a smb share hosted on my machine while using responder to capture the hash, but it didn’t seem to capture any traffic

oh lord!
I found a cred but it wasn’t working. I wasted more than 3 hours trying to crack the “a****” password, then I reset the machine and it worked…
Oh man, why did you change the password? Not cool bru

I’m stuck on root.

Do I have to abuse a service?

@dyl88 said:

@Meatex said:

I am in the same boat as xboxfreak54
Confirmed RCE with ping and got it to do web requests and download files but any more complicated scripts are no go. Not sure where it’s storing downloaded files and tried downloading and then executing by running exploit with command to just run but no joy yet.

I’m in the same boat as you, it downloaded a file… but god knows where it went… can’t seem to get it to run

I am also at this stage.
Any attempt to add a path to the output location, download never starts.
Attempts to execute my file without, hasn’t made it back to my meter.

So, I got the user flag but I am not able to get the shell. I am getting an error in my payload which I am not able to resolve. Any help will be appreciated.

@gsxrjason said:

@dyl88 said:

@Meatex said:

I am in the same boat as xboxfreak54
Confirmed RCE with ping and got it to do web requests and download files but any more complicated scripts are no go. Not sure where it’s storing downloaded files and tried downloading and then executing by running exploit with command to just run but no joy yet.

I’m in the same boat as you, it downloaded a file… but god knows where it went… can’t seem to get it to run

I am also at this stage.
Any attempt to add a path to the output location, download never starts.
Attempts to execute my file without, hasn’t made it back to my meter.

Try to execute in memory when you can download a file on the server, so you don’t need to know where the file is placed. One terminal to receive the reverse connection, another terminal to serve a file to be downloaded.