@Demosz said:
Could someone with a foothold PM me? I need a nudge on how to exploit Couch + the link I found in the source code. I’m lost on what to do with it.
You need to research a bit more on how the service is working in the background to exploit. If you don’t already have the necessary files, you may need to enumerate a bit more as well.
Sorry, I don’t have user or even a shell yet. I’m still struggling with just understanding what I have. Do you mean enumerate the site directory, or did I accidentally give the impression I have a shell?
Pwned user. This machine is cool af. Feel free to PM me for nudges too.
Hint, (as seems to be the case often) a stable RCE is almost as useful as a shell – I could get everything to pwning user without a shell. Something that can execute commands and give back output is useful enough in this case.
I have found all that I believe from remote enumeration and I have a few things to track down, but spent a lot of time so far with no luck; currently in a pickle trying to figure it all out. Please PM me if you can help me talk it out?
Need some help on getting shell. I understand the exploit, have re-created it on my own machine and have even been able to pop a reverse shell on my own machine but never on Canape.
To everyone stuck at their pickled payload not working when submitted to the site: try using a popular HTTP library for the submission of your pickled code. Copying & pasting the payload from the terminal + bad URL encoding fucks up the payload; with the mentioned library it worked flawlessly.