Wall

@mousebladder said:

@pdefermat - I’m in exactly the same boat. I’ve been trying all such ways, monitoring BS for the results. I just keep getting a not found error. I’ve tried creating another p****r and encoding using different enc types, but the same thing. I’ve also tried variants of the usual reverse shell method, but all with the same not found. I’ve made sure I’m putting the %23 at the end of the entry in n********n.
Any help would be most appreciated.
I thought I understood the CVE code and what it was doing, but I am starting to lose the will to live on this one!
Any help is much appreciated.

Exactly the same situation I am in. I am clearly missing something…

For those having trouble with the command, try mapping stde** to stdo** in your exploit. I suspect I know the problem most of you are having with your command, and that should surface it. Feel free to DM if you need a bit more guidance.

Feel free to report as spoiler if that is too big a hint.

I found the pw for c******n by bruteforcing the API and got the coin, but I do not know the exact syntax for sending the payload to the API. I still get unauthorized while trying to add the coin into the headers.

I’d appreciate some guidance, will give respect +. Feel free to hit me up on telegram, I like that chat platform a lot @antharaslair.

Is anyone able to nudge me in the right direction?

It feels like cheating but there’s an easier way to get a shell on this machine than the CVE if you have the creds.

@blaudoom said:

@lmal said:

Thanks @blaudoom. Still struggling with the c******* creds (I’m pretty sure the wordlist/range that has been hinted at doesn’t even contain the bad characters referenced previously? Unless I’m missing something). Just getting a heap of 403s currently (not the “Forbidden” page).

How does a script know what is a single word in a wordlist?

Thanks @blaudoom - I got that one yesterday! Got completely sidetracked and was looking at other “illegal” chars that were giving me weird responses. Taking a step back and actually looking at my script output helped in the end!

Can someone tip me which CVE I should use for root?

Rooted.
Same method for user and root.

  • Enumeration web, use verb
  • Enumeration c*****n, modify exploit for bruteforce login
  • Modify the same exploit (the bruteforce login one) to obtain a reverse shell (use a python server and wget);
  • Classic privilege escalation tool, search exploit for s*****

Finally rooted after a brain fart that randomly occurred this afternoon (not uncommon).

This absolutely doesn’t need the documented CVE to gain some kind of system access. If you poke around enough in c*****n you’ll find a way to get RCE outside of any scripts and, if you don’t overthink it, this will then allow you to get a more direct, consistent shell. From there, as most have said, enum from the low-priv user. Any half decent enum script will highlight something profoundly obvious to you that, upon Googling, you can then exploit.

Happy to PM for nudges (I’m also on Discord under this handle). One thing I would say here though: keep it simple, stupid.

Is it something to do with – instead of # ??

Reverse shell is not happening. I see my string in the GUI, I figured out what was giving me the 403s, but cannot get it executed. Gonna sleep on it and come back later.

There is another CVE just found in HTB machine :slight_smile:

I’m stuck on the early phase of the invasion.

I found the next pages.

However, I cannot step in any further.

According to previous posts, I suppose that …

  • I should concentrate on the authentication on the page /m********g/ .
  • This attack relates to the words Teacher, English, Verb, and the name of this box. But I have no substantial picture of them.
  • After the exploit of /m********g/, I will probably obtain access to something named “c****eon”.

Are my suppositions right?
Could you please give me more hints?

Thanks.

@glory said:

I’m struggling to find this c******* page. Cannot find it with gobuster/dirb and am not getting the verb/teacher hint. Can someone PM me pls

Try using a bigger word list for your enumeration.

The verb / teacher hint is referring to the http protocol. Think of some other ways you can GET a response from the web server.

I can’t get the exploit script to work. It gives me lxml warnings and then tells me it’s worked and to check my netcat listener, which doesn’t trigger. Tried doing it from Linux and Windows and get the same error.
Then tried manually crafting a request using Postman and curl, which didn’t work.

Not sure where to go with this one. Any advice would be much appreciated.

@thenugget said:

I can’t get the exploit script to work. It gives me lxml warnings and then tells me it’s worked and to check my netcat listener, which doesn’t trigger. Tried doing it from Linux and Windows and get the same error.
Then tried manually crafting a request using Postman and curl, which didn’t work.

Not sure where to go with this one. Any advice would be much appreciated.

I scrapped the script completely. I would suggest searching for this CVE and reading the article written by this box’s creator. It should become clear how to get the shell another way.

Is there a way to log in to the UI of the server? I think I found the PW but keep getting 403 Forbidden in browser and Burp.

Can anyone point me in the right direction please?

@Fr3nZy said:

Is there a way to log in to the UI of the server? I think I found the PW but keep getting 403 Forbidden in browser and Burp.

Can anyone point me in the right direction please?

Yes, if you can’t log in to the UI then you likely don’t have the right password after all. I would recommend checking for what your script is doing, perhaps there’s some bad characters in there.

Well, at the end of the day: rooted!

You can definitely privesc to root right away but I have to say it was fun to go to user following the path the box creator developed.

Getting back to this after more than 25 years is quite funny.

The ‘wall’ is giving me a really hard time trying to go around it. Executing the exploit by hand leads to a nice error in the UI, and using other things in the UI unrelated to p*****s leads nowhere except getting WARNING or CRITICAL yelled back at me.

Appreciate any hint :slight_smile:

–EDIT–
Nevermind, got the shell.