Attacking Common Applications - Other Notable Applications

Hello,

I am currently stuck at achieving RCE at “Other Notable Applications”.
I was able to figure out the vulnerable application and a suitable CVE 2020-14*** with a Python Script “Server Remote Code Execution”.

However, I was not able to insert a suitable command to obtain a reverse shell.
Uploading NC.exe or MSF windows/shell_reverse_tcp via Python Server does not work. I also tried Powershell One-Liner without success.

The python exploit includes the instruction for usage:
"powershell.exe -c Invoke-WebRequest -Uri http://your_listener"
This simple HTTP GET request is the only connection I am able to receive on my attack box.

Any hints or suggestions appreciated!

I was able to use that command to exfiltrate the flag content via HTTP-Post request. Problem is almost solved!

How did you do it? I am also stuck at this point.

Well… hint >> Metasploit is an easier way to get the flag.

2 Likes

I figured out the app.

Trying various Metasploit modules. So far nothing.

Any suggestions?

John

Never mind. I got it!

John

Hi,

It’s been a very long time since I finished the module.
At the moment I cannot remember how I finally solved it.
I will have to look into that again and give it a try. That might take a bit of time, however!

Best,
Martin

Great, can you just enlighten me again?

No worries. I figured it out.

Thanks Martin.

John

It turned out to be WebLogic on port 7001.

I used Metasploit to pop a shell.

John

2 Likes

Alright, great and many thanks!
I wish you lots of fun with the next modules!

Best wishes,
Martin

Thanks. A lot of time was wasted because of nmap ip -p-

A clue to save you a lot of time:

This is the way to go; other approaches for the vulnerability will not work.