n4gyl4j0s

About

Username
n4gyl4j0s
Joined
Visits
116
Last Active
Roles
Member

Activity

  • Hi,
    My method which was success: I wiresharked the traffic and see what was in the nagios_bin variable and what was the response the generate.php POST message.
    I started the default commands. And I then tried to create a reverse shell

    A lot of things were not worked me :-)

    If you see that response, you realize some "things" (commands and characters) are filtered. So you must bypass that filters (wall) somehow....

    I found a "two step" reverse shell bypass the filter.
    But in the server (on the task list) (from an other challenger) I found a better solution, but now I'm not find that trinck on the net.... So I don't known, how that trick was known by others.

    October 10
  • 5m1tch

    Hi have you popped shell on wall yet?

    Im really struggling with what synatx to use i've tried things like:

    {ping,10.10.10.10}
    CMD='\x70\x69\x6e\x67\x20\x2d\x63\x20\x33\x20\x31\x30\x2e\x31\x30\x2e\x31\x34\x2e\x31\x39\23'&&$CMD

    Looking at the exploit it needs a terminator so i have tried different variations of that, I know that it wont accept spaces or # (plus other things) .

    Also tried common ports that would be allowed in firewall.

    Really stuck, could you give me a nudge/ material to read on the command syntax please?

    October 9
Avatar

Howdy, Stranger!

Click here to create an account.