[Academy hack the box][Shells & Payloads][The Live Engagement][Lightweight facebook-styled blog 1.3]

admiralhr99 · December 8, 2021, 6:46pm

hey.i wanna use this exploit (Lightweight facebook-styled blog 1.3) from exploitdb and when i use this with metasploit it gives me this error(exploit failed no methoderror undefined method split for nilclass).i got stuck and searched a lot but found nothing.thanks for help

donthackme · December 10, 2021, 6:27am

You are on the right path. Look closer at the Options

admiralhr99 · December 10, 2021, 6:50am

i also comment this line

token = res.body.split('":"')[1].split('"')[0]

and use this line

token = res.to_s.scan(/"[abcdef0-9]{10}"}/)[0].to_s.tr('"}', '')

but it can not get CSRF token.i also added sleep but it doesnt work.and i could not find timeout syntax for this

res = send_request_cgi(
      'method'    => 'GET',
      'uri'       => normalize_uri(target_uri.path),
    )

can you help me bro please?

donthackme · December 10, 2021, 7:08am

You don’t have to edit the payload, not needed. Review the payload Options in Metasploit.

Satellite · December 10, 2021, 7:31am

Text me!
I will support you, I exploited it manually.

admiralhr99 · December 10, 2021, 8:05am

oh my god.im idiot.thank you bro.love you

Satellite · December 10, 2021, 8:41am

you’re welcome

j0rg3k · December 27, 2021, 9:34am

Definitely the options are key
I answered all questions now but the one that need to craft a specific payload for the previous host.

admiralhr99 · December 27, 2021, 9:39am

which question in live engagement you could not ask?

j0rg3k · December 27, 2021, 9:48am

this question: Exploit the target and gain a shell session. Submit the name of the folder located in C:\Shares\ (Format: all lower case)

admiralhr99 · December 27, 2021, 9:55am

i remember it has 2 path for gain a shell.1 you can use the target with 8080 port and upload a (.war)file .another is you can use port 80 and upload a web shell.try it yourself and if you need more help i am here

j0rg3k · December 27, 2021, 10:00am

Yeap, first I tried uploading to the app on port 80, no luck. now I am trying via WAR file in port 8080. When I access the app after deploying the war, I got error from tomcat. still trying here… That;s the only question I didn’t get…

admiralhr99 · December 27, 2021, 10:06am

on port 80 testing you should use burp
on port 8080 you should get help from this site
https://netsec.ws/?p=331

j0rg3k · December 27, 2021, 10:14am

I got the answer using a shell in port 80 (no burp required)
I wonder, how it would be via war file

admiralhr99 · December 27, 2021, 10:15am

cool.did you see the link i shared?

j0rg3k · December 27, 2021, 10:21am

Yes, I have it in my bookmarks. By the way, I managed to exploit in port 8080 as well \o/

admiralhr99 · December 27, 2021, 10:23am

your welcome

kpm · December 28, 2021, 10:24pm

Hi,
I have the same problem and get stuck. The metasploit framework gives me the following error (exploit failed no methoderror undefined method split for nilclass). I set the RHOST und RHOSTS to the Host-02 address (blog.inlanefreight.local) and used the username and password from the file. The listen Port is 4444. What am I doing wrong? Thanks for help

admiralhr99 · December 29, 2021, 12:58pm

learn about VHOST

kpm · December 29, 2021, 2:54pm

Thanks .