My method which was success: I wiresharked the traffic and see what was in the nagios_bin variable and what was the response the generate.php POST message.
I started the default commands. And I then tried to create a reverse shell
A lot of things were not worked me :-)
If you see that response, you realize some "things" (commands and characters) are filtered. So you must bypass that filters (wall) somehow....
I found a "two step" reverse shell bypass the filter.
But in the server (on the task list) (from an other challenger) I found a better solution, but now I'm not find that trinck on the net.... So I don't known, how that trick was known by others.
Hi have you popped shell on wall yet?
Im really struggling with what synatx to use i've tried things like:
Looking at the exploit it needs a terminator so i have tried different variations of that, I know that it wont accept spaces or # (plus other things) .
Also tried common ports that would be allowed in firewall.
Really stuck, could you give me a nudge/ material to read on the command syntax please?