Hello,
I am currently stuck at achieving RCE at “Other Notable Applications”.
I was able to figure out the vulnerable application and a suitable CVE 2020-14*** with a Python Script “Server Remote Code Execution”.
However, I was not able to insert a suitable command to obtain a reverse shell.
Uploading NC.exe or MSF windows/shell_reverse_tcp via Python Server does not work. I also tried a PowerShell one-liner without success.
The python exploit includes the instruction for usage:
"powershell.exe -c Invoke-WebRequest -Uri http://your_listener"
This simple HTTP GET request is the only connection I am able to receive on my attack box.
Any hints or suggestions appreciated!
I was able to use that command to exfiltrate the flag content via HTTP POST request. Problem is almost solved!
How did you do it? I am also stuck at this point.
Well… hint >> Metasploit is an easier way to get the flag.
2 Likes
I figured out the app.
Trying various Metasploit modules. So far nothing.
Any suggestions?
John
Hi,
It’s been a very long time since I finished the module.
At the moment I cannot remember how I finally solved it.
I will have to look into that again and give it a try. That might take a bit of time, however!
Best,
martin
Great, can you just enlighten me again?
No worries. I figured it out.
Thanks Martin.
John
It turned out to be WebLogic on port 7001.
I used Metasploit to pop a shell.
John
2 Likes
Alright, great and many thanks!
I wish you lots of fun with the next modules!
Best wishes,
Martin
Thanks. A lot of time was wasted because of nmap ip -p-
A clue to save you a lot of time:
This is the way to go, other approaches for the vulnerability will not work.