Arrexel
About
- Username
- Arrexel
- Joined
- Visits
- 599
- Last Active
- Roles
- Member, Administrator
Comments
-
Hmm works for me with that exact connect back method in Kali. Tested on CronOS: (Image)
-
What machine are you trying this on, what kind of reverse connection and what are you using for a listener?
-
The name of the machine is a hint as to what exploit you will need to use. Think of something released fairly recently. Was all over the news when it was released
-
Have a look at ippsec's video to see it in action: Joker Note he did /bin/sh in pty.spawn. Should have been /bin/bash
-
SNMPWalk will output the address in integer form. To help you enumerate, take a valid IPv6 address from another machine on the network and convert it to integer. Using that information, it will help you find the data in the SNMPWalk output.
-
(Quote) The majority of connect back shells should work fine. I meant nc as the listening service on the local machine. Refer to the netsec.ws link that @sajkox posted to see other options.
-
Don't focus so much on the tool as the extension you are searching for ;)
-
Yes it is useful. It is a combination of what you found and bypassing the restrictions/filters. Mess around with it while passing unrestricted data to see how it works, then focus on bypassing the restrictions.
-
I had some issues myself. Look into different types of encoding you can use
-
Knowledge of OWASP top 10 is very helpful. PHP knowledge is also helpful on a large portion of the boxes. Get familiar with Linux if you aren't already, as you will need to be able to notice things that are not part of a default Linux installation.…
-
Running a quick scan to start is a good idea. Once that is done, start a full scan while you check out what the first scan found. The majority of boxes only have services found with the quick scan, so it should be good in most cases.
-
Nope! You're on the right track. Try intercepting the requests and responses to see what is happening.
-
Insane amount of spoilers in this thread. Please be more careful about what information you post about machines.
-
(Quote) The path to ColdFusion is optional, in the example it links to the jsp payload file. That path is used if the CFIDE directory is not in its default location.
-
Pm on slack ;)
-
Hard to say much at this step without spoiling, but if it's 0 that doesn't sound right :p
-
www-data is not the intended entry method, although it is possible (just waaaay more effort, and different esc method). I don't want to spoil, but there is a known exploit that works from www-data (so I've been told, haven't done it myself). Take a …
-
I usually use Apache as it is also built into Kali and doesn't require a terminal window to be left open. Also I have accidentally started SimpleHTTPServer in the wrong directory in the past and want to minimize exposure of the rest of my machine. A…
-
(Quote) Yea I will be adding that to them all from now on, will fix lame/legacy after I finish my next one.
-
Lmao fixed, thanks
-
Moved to "other" tutorials, writeups is for machine tutorials. Otherwise nice work :)
-
(Quote) Thanks, modified it to account for proper target selection.
-
I suggested this a few months ago. It is a bit soon yet, but I could definitely see it if we could get some good material together and a private lab for certifications, after we grow some more. Who knows what the future might bring :)
