Managed to get the working exploit…able to ping my kali from victim using exploit. Tried downloading the malicious executable using powershell, can see file is getting downloaded as “python HTTPserver” receives the GET request. But when I try to execute the exe, nothing happens.
Managed to get the working exploit…able to ping my kali from victim using exploit. Tried downloading the malicious executable using powershell, can see file is getting downloaded as “python HTTPserver” receives the GET request. But when I try to execute the exe, nothing happens.
All stuck …any hint please…!!
Getting the exact same issue!! Its so frustrating. I have tried so many different ways and nothing is executing
Rooted! That was enjoyable. Thank you for the nudge I needed @nyckelharpa
Any hints on user?
The user.txt file is all in the same location. So with the working exploit you can just grab the contents of it. As far as getting a propper shell PM me.
Just a hint for those that have trouble with uploading stuff to the box (@rootsh3llz@mfhtb88 ): Maybe your exploit is correctly calling your server and downloading your payload but you can’t execute it afterwards because your exploit is trying to write somewhere where it doesn’t have write permissions. Try to specify a specific path for your exploit to write its files. Might involve some guess work, but I assume you’ll only be temporarily stumped by this
Just a hint for those that have trouble with uploading stuff to the box (@rootsh3llz@mfhtb88 ): Maybe your exploit is correctly calling your server and downloading your payload but you can’t execute it afterwards because your exploit is trying to write somewhere where it doesn’t have write permissions. Try to specify a specific path for your exploit to write its files. Might involve some guess work, but I assume you’ll only be temporarily stumped by this
Yeah I got this, figured it out as I started getting the output from my PS script. Thanks
Can someone give me a hint on transferring the file. I believe I know where to put the file, but I’ve tried copying the file using smb shares, http to transfer via I*****-WR****, and am not getting any luck with it even trying to take the file from my http server. This is only my second box so I have a feeling I’m not doing something obvious but have been stuck here for 2 hours at this point. I’m able to ping my kali box but that is about the only thing I feel like I’ve accomplished.
I don’t get the file path I have to write to. I tried it with $env:TEMP but apparently the user doesn’t have write rights on it. Anyone able to provide some tips please?
EDIT: nvm i’m an idiot, think of something public (hope thats not an spoiler)
(Quote)
I tried same thing and added debug lines. I don’t get to end, but the shows lack of cookies, so I too think this is the wrong route.
No, I did the same thing. Look closely where the script tries to print the cookies. Its at r1. While it logins afterwards at r2. So I tried print_dict(r2.cookies) and it worked! So it does have the cookies, maybe the place where we inject the payload is wrong?.
Hope it’s not a spoiler and we figure it out soon!!!
(Quote)
I tried same thing and added debug lines. I don’t get to end, but the shows lack of cookies, so I too think this is the wrong route.
No, I did the same thing. Look closely where the script tries to print the cookies. Its at r1. While it logins afterwards at r2. So I tried print_dict(r2.cookies) and it worked! So it does have the cookies, maybe the place where we inject the payload is wrong?.
Hope it’s not a spoiler and we figure it out soon!!!
Any chance of a nudge. I’ve been looking for ages to find where to inject the payload.
I’ve followed the code, it all seems to be in the right place. I dont know what im missing
(Quote)
I tried same thing and added debug lines. I don’t get to end, but the shows lack of cookies, so I too think this is the wrong route.
No, I did the same thing. Look closely where the script tries to print the cookies. Its at r1. While it logins afterwards at r2. So I tried print_dict(r2.cookies) and it worked! So it does have the cookies, maybe the place where we inject the payload is wrong?.
Hope it’s not a spoiler and we figure it out soon!!!
(Quote)
I tried same thing and added debug lines. I don’t get to end, but the shows lack of cookies, so I too think this is the wrong route.
No, I did the same thing. Look closely where the script tries to print the cookies. Its at r1. While it logins afterwards at r2. So I tried print_dict(r2.cookies) and it worked! So it does have the cookies, maybe the place where we inject the payload is wrong?.
Hope it’s not a spoiler and we figure it out soon!!!
Any chance of a nudge. I’ve been looking for ages to find where to inject the payload.
I’ve followed the code, it all seems to be in the right place. I dont know what im missing