Can someone help, I have the creds however having issues with the exploit.
I keep getting this error when trying to run:
Traceback (most recent call last):
File= “FILENAME” , line 54, in <module>
VIEWSTATE = soup.find(id=“__VIEWSTATE”) [‘value’];
TypeError: ‘NoneType’ object is not subsriptable.
Is this a clock issue or something else, I have edited the parts of the script I need to.
I have a remote shell on the box. Got user, trying for root.
Trying to connect via TV using creds found after enum and crack/decode.
Can’t seem to connect via TV, and don’t see other service u***…(?) that people are talking about.
Can someone help, I have the creds however having issues with the exploit.
I keep getting this error when trying to run:
Traceback (most recent call last):
File= “FILENAME” , line 54, in <module>
VIEWSTATE = soup.find(id=“__VIEWSTATE”) [‘value’];
TypeError: ‘NoneType’ object is not subsriptable.
Is this a clock issue or something else, I have edited the parts of the script I need to.
Can someone help, I have the creds however having issues with the exploit.
I keep getting this error when trying to run:
Traceback (most recent call last):
File= “FILENAME” , line 54, in <module>
VIEWSTATE = soup.find(id=“__VIEWSTATE”) [‘value’];
TypeError: ‘NoneType’ object is not subsriptable.
Is this a clock issue or something else, I have edited the parts of the script I need to.
resets the box solves this problem
No, it doesn’t. You have to maintain the session in-between requests.
Finally got root after being stuck in user for a while. Looked at the TV method and found a password but ended up going in through the U****C method. I was not able to use the obvious syntax as it resulted in an immediate stop. Ended up encoding another payload to get a shell long enough to pull the flag. Took several attempts as the session would only last < 1min.
I can’t get past the VIEWSTATE ... TypeError: 'NoneType' object has no attribute '__getitem__' error when running any version of the poc 46***.y . I’m using python3 . logging in with a***@.l and password b*****e .
You have a clock problem on your computer, resolve it and it will be good.
Yes, you are correct, a clock issue is what it was. Sigh I should have learned by now… every 3d box or so I run into a clock sync issue, and it’s so simple to sync them up I should just add this to my normal initial steps.
@bashsquid said:
Can someone help, I have the creds however having issues with the exploit.
I keep getting this error when trying to run:
Traceback (most recent call last):
File= “FILENAME” , line 54, in <module>
VIEWSTATE = soup.find(id=“__VIEWSTATE”) [‘value’];
TypeError: ‘NoneType’ object is not subsriptable.
Is this a clock issue or something else, I have edited the parts of the script I need to.
How to find writeable location, when there is no output from the PoC whatsoever? I don’t understand the commands are executed since i pinged myself and looked it up using wireshark, but there is literally no output from the .py script?
Rooted. Thanks for the box @mrb3n
Hints
User: look at what you can enumerate then read all the strings carefully. look at how you can use the content you get.
Root. look at what privs you have and see if you can mod something and run it.
I can’t get past the VIEWSTATE ... TypeError: 'NoneType' object has no attribute '__getitem__' error when running any version of the poc 46***.y . I’m using python3 . logging in with a***@.l and password b*****e . What is causing this error? I see several people have encountered it but am stuck on getting past it.
The POC looks pretty simple and I could execute it manually but I just get a blank page after logging in and then a session timeout. Burp repeater could be useful but I am not seeing anything about VIEWSTATE in the responses.
You have a clock problem on your computer, resolve it and it will be good.
You are a freaking genius, can please say me how did u figured it out???
I can’t get past the VIEWSTATE ... TypeError: 'NoneType' object has no attribute '__getitem__' error when running any version of the poc 46***.y . I’m using python3 . logging in with a***@.l and password b*****e . What is causing this error? I see several people have encountered it but am stuck on getting past it.
The POC looks pretty simple and I could execute it manually but I just get a blank page after logging in and then a session timeout. Burp repeater could be useful but I am not seeing anything about VIEWSTATE in the responses.
You have a clock problem on your computer, resolve it and it will be good.
You are a freaking genius, can please say me how did u figured it out???
Not the first to have this problem ; when trying to log through a web browser, immediatly got a session timeout message, this might help
Rooted
This box gave me a bit of trouble in a few different ways. However, I learned a lot and found some great Windows tools to poke around in it!
user: Fun CVE challenge. Initial foothold just involves enum, after that you have to do a bit of research on the CMS to get anywhere (or just be familiar with certain filetypes).
root: Two ways I’ve heard people talking about. I went the u****c route only because I couldn’t get TV to work for the life of me (though I did find the necessary info). It’s pretty simple to find (with proper enum) and there is easily googleable info on how to use this service to your advantage.
All in all, great box! The Discord channel is a lot more responsive than these forums if you need any help.
But unfortunately still getting this error when I run the script…
Traceback (most recent call last):
File “1.py”, line 53, in
VIEWSTATE = soup.find(id=“VIEWSTATE”)[‘value’]
TypeError: ‘NoneType’ object has no attribute ‘__getitem’