Hint for TartarSauce!

Spoiler Removed - Arrexel

@bugzy said:
Spoiler Removed - Arrexel

I don’t think this is going to work… someone already said that you can’t upload files neither plugins.

Spoiler Removed - Arrexel

@NinjaRockstar said:

@xdavkk said:

@bugzy said:
:smiley: when Montra CMS RCE PoC uploaded 23 hr ago
https://www.exploit-db.com/exploits/44621/

I don’t think this is going to work… someone already said that you can’t upload files neither plugins.

I agree. It won’t work. It’s mostly the same as this one: Monstra CMS 3.0.4 - (Authenticated) Arbitrary File Upload / Remote Code Execution - PHP webapps Exploit

There is other stuff to look at though.

yup

@xdavkk said:

@NinjaRockstar said:

@xdavkk said:

@bugzy said:
:smiley: when Montra CMS RCE PoC uploaded 23 hr ago
https://www.exploit-db.com/exploits/44621/

I don’t think this is going to work… someone already said that you can’t upload files neither plugins.

I agree. It won’t work. It’s mostly the same as this one: Monstra CMS 3.0.4 - (Authenticated) Arbitrary File Upload / Remote Code Execution - PHP webapps Exploit

There is other stuff to look at though.

yup

looking …

if you dont have results, change your way

Spoiler Removed - Arrexel

Spoiler Removed - Arrexel

hint for anyone that stuck on upload
you should look for something else than that :wink:

Any hint on the username?

even the upload for the plugins doenst work…also i have editted the 404page…but nothing is using the 404page…even i try id=blogX or id-filemanagerX still 404page doesnt come up…it just says “Aw snap…etc”…am i still missing sonething?..thanks in advance…

hi firefart…just think of being a lazy person who is installing monstra…

or it can be found on the files that are viewable…

I tried all possible options on the website, and nothing seems to work…

Is it something else? Should do a comprehensive nmap for all ports?

You can PM if it contains spoilers…

@bugzy said:
:smiley: when Montra CMS RCE PoC uploaded 23 hr ago
https://www.exploit-db.com/exploits/44621/

Yeah i’ve wrote this exploit, after downloading the Montra fuzzing it, but the code on this machine doesn’t work because they block every interaction with the DB

@jameel said:

@bugzy said:
:smiley: when Montra CMS RCE PoC uploaded 23 hr ago
https://www.exploit-db.com/exploits/44621/

Yeah i’ve wrote this exploit, after downloading the Montra fuzzing it, but the code on this machine doesn’t work because they block every interaction with the DB

l33t, just enumerate little more

For those who both restart they do not have to restart the box if they have not left anything open

I like good machines and I always try to get as far as I can on my own. Found the easy login and the only page you are able to change, but no way to call that page to test. I guess I have to enumerate more…

@mrdogma said:
hi firefart…just think of being a lazy person who is installing monstra…

I don’t need the user for monstra, I need it for the other application :slight_smile:

@ZaYoOoD said:
I tried all possible options on the website, and nothing seems to work…

Is it something else? Should do a comprehensive nmap for all ports?

You can PM if it contains spoilers…

Spoiler Removed - Arrexel