G’day, getting this error when I try to run the PoC with what I assume are the correct credentials. Not sure if this is because my creds are wrong or there is something wrong with my Kali setup. Looking for guidance or a PM if not suitable for the forums.
Traceback (most recent call last):
File “e******.**”, line 53, in
VIEWSTATE = soup.find(id=“__VIEWSTATE”)[‘value’]
TypeError: ‘NoneType’ object has no attribute ‘getitem’
Edit: Sorted this out with a tip that my creds were wrong.
wow, I dunno about anyone else, but I had about one second to spare to spawn a shell and read the root.txt before my connection got cut off using the u***** method haha. I think you may need to be the first one to do so after a reset for it to work as well for some reason. Trying other method now, fun box!
**edit. also tried the file method first and it worked without even knowing it. Good thing I went back to my upload location and deleted my nc off there and didn’t leave cp root.txt.
@Sporium said:
Type your comment> @MudGrassPony said:
You can find something even with common words, ah and if it’s not 200 it’s still doesn’t 400 and it also can be used. PM if you need more info about it.
And creds against what user?
Ahhhhh thank you. I decided to “go” with a different tool and am trying my luck with that one since it looks to be faster. I am glad that it sounds like I’m on the right track and that we might have some “common” ground.
As embarrassing as it is to say, i’m trying to get an initial foothold.
rooted finally, The U****C is unreliable way , so really need to the TV way , i got foothold of few things but i am not sure i am on right track , Do i have to crack something ?? .
ok, been struggeling with this box for a while now…many firsts for me here ,not least it being a windows box…I ve managed to use the exploit and A****@.*** to execute commands on target and can read directories and found user.txt. I used the same to upload mr payload listening using mu/hr. m*******r opens session but no prompt apears no matter what I do! Any ideas? Do I even need to do this for root?
Ok Team, I was able to get RCE with the you know what .py and scored the user.txt .
I am now working to root and I am not at all familiar enough with Windows enumeration to know where the ■■■■ to go next. I have tried using the RCE syntax to achieve a reverse shell for easier browsing but I am having zero luck! Please help!
Hey having a weird network issue here. I can ping/connect to the Remote box no problem from my kali vm. However I cannot ping or make any sort of network connect going back the other way. So i cant ping my kali, get to port 80 on my webserver, etc from the Remote box.
Has anyone encountered anything like this before? I am assuming it is some weird configuration i might have?