Invoke-WebRequest should work. Try a full path in the -outfile
That was it, so it seems. Thank you so much. The issue now is some kind of lag that causes the file not to be downloaded. It shows the file in the remote machine's directory but with size 0. I assume this is a network issue.
Update: Running a personal VPN on top of OpenVPN seems to cause some issues.
I agree, I had to connect to the htb OpenVPN first which defeats the purpose of a personal VPN. I think it has to do with the name of the interface because I could connect to my personal VPN after I connected to the htb vpn. I haven’t had a chance to check the .ovpn to check. The problem, your public IP might not be hidden if you have to connect to the htb first. I think the admins of this site do the best they can to make sure you are not exposed but nothing is 100% secure, EVER. Sorry prob the wrong place to have this discussion.
Give hints but do not explain each step of privesc, because it’s still a spoiler.
Like the HTB rules say: Don't share how you hacked each machine with other members.
I'm sorry for the silly question. I have scanned and enumerated, found an exploit on exploit-db, modified it to work (some parentheses) and ran it against Buff. It says it successfully connected to the webshell but then immediately exits without the shell. Any hint? Thank you in advance.
If this is for user then the exploit doesn’t really give you a shell (well it does, but this sucks and you quickly want something else), it gives you RCE.
If you read the instructions in the exploit it tells you what you need to do - although some of this is wrong, you can work out what you need to change by the code of the exploit.
You need to hit the right page and give the right parameters to have RCE.
Thank you very much, I will study the instructions more.
Look at how it generates the “successfully connected” message, and then do the same for other commands.
Rooted !!
Getting to the user’s flag was a bed of roses.
Regarding the root flag it’s not difficult but you have to list well and see what services are running and ask yourself if any of them is a pretty old and vulnerable version.
So for those who are going to have the same problem I had: the exploit worked for me yesterday and didn't want to work today. I was doing port forwarding exactly the same way and spent hours on this, knowing exactly all the steps to root the box, but it didn't work.
Something that worked is to cross-compile your exploit and run it from win box.
Can anyone tell me if I am going down a rabbit hole here…
/e*/u*****/
I am trying to upload a php reverse shell, and am trying to bypass the filter by prepending ‘gif87a’ to the script and using double extensions etc but still I can’t upload.