Attacking Common Applications - Skills Assessment I

Can someone help me with Attacking Common Applications - Skills Assessment I? I can’t find an exploit for the web server. I tried all the public exploits but had no success.

1 Like

It says that the PUT method is allowed, but I can’t upload the file and I get a 404 error.
Can anyone help me?

1 Like

Can someone help me?

Have you solved this question yet? I am also stuck at skill assessment 1

Hi guys, I’m at the same point at skillAss 1, but even skillAss 2 is very hard with no hints. I don’t know what to do.

Hi guys, I’m at the point SkillAss I. After enumeration with nmap I know some applications, the ports and versions; I submitted the answer and it’s right. But I can’t get the shell to cat the flag.txt. I tried all of the vulnerabilities on ExploitDB. Can anyone give me a hint?

Try to search the vulnerable app for extensions with ffuf or dirbuster and you will find something juicy to exploit 🙂

4 Likes

Can anyone push another hint at this, as I’m not figuring it out - perhaps I’ve looked at it too long!

I know what the app and version is - but that does not seem to help with getting a shell - none of the metasploit modules work.
gobuster showed me the ‘/assets’ subdirectory, which I do not have permission to access, so I can’t go further there (I assume that’s what @Gocka was referring to).
I know there is a jenkins login page, but default credentials do not work.

Where should I be looking? I’m stuck…

Text me, I will support you

2 Likes

I eventually got the flag. The solution is a direct vulnerability of the app. I’d highlight that you need to do a little background reading into how the vulnerability works so that you can properly set up metasploit.

Research the “cgi tomcat” exploit and read more about it.

1 Like

Hi All,

Out of ideas at the moment and could do with a fresh perspective if someone could help provide some additional pointers.

  • I’ve identified the vulnerable app and can confirm it’s vulnerable to G****t but I can only read one file w.**l which has no additional configurations.
  • I’ve ffuf the vulnerable app port but can’t seem to find anything which would relate to the “tomcat cgi” exploit mentioned above. I did however find b****.**l. Is this the file?

Any pointers of what direction I should be looking at next would be most helpful

Thanks,
S

Hey, can you help me please?

Hey, can you help me please? I cannot get the flag.txt.

Figured it out recently. We are being fooled by the webserver; it hides the obvious thing. You know that moment when a woman says no, but actually means yes? Kinda the same stuff here.

  1. Your fuzzer is being fooled
  2. Read some docs on the cgi vulnerability and try(!) to apply the stuff to the assessment.

Good luck!

It’s indeed very tricky. I spent a lot of time but I finally got it.

As already mentioned, try to use the cgi exploit. Read the prerequisites carefully (in msf, the sources are linked).

After that, you should use your own wordlists or find the *.bat file using educated guessing. It’s a common file name for this OS.

Cheers Guys - already had it worked out - just didn’t close my thread down!

Hi guys!
I’m trying to enumerate the vulnerable batch file within Skill Assessment I.
I have spent a lot of time trying different wordlists, including my own, but had no success finding any .bat files.

One of my findings is that the server responds with 200 to my request for any .bat file in a protected directory. However, no more .bat files can be enumerated in other directories, including cgi.

Furthermore, there are a couple of .jsp files that MSF qualifies as vulnerable, but it can’t create the session.

Adding ?&dir or ?dir does not work for the .jsp files or the common .bat files mentioned above.

Please, can you help me by giving some hints?

Read the CVE again carefully. There are two possible file types. The directory that contains the file is also described.

1 Like

Thanks a lot, @PayloadBunny!
I started to fuzz more carefully using possible scenarios from the CVE description. It seems the file can be missed when fuzzing recursively, as in my case with ffuf. However, fuzzing from the target directory, I succeeded.
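
For the defending side of what this thread describes (clients guessing batch-file names under a CGI directory and appending `?&dir`), the following added example, which is not from any poster in the thread, scans access-log lines for both patterns. The log lines, the enumeration threshold, the `analyze` function name and the `.cmd` extension are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Constructed access-log lines (common log format); addresses and file names are made up.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /cgi/a.bat HTTP/1.1" 404 0
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /cgi/b.bat HTTP/1.1" 404 0
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /cgi/c.cmd HTTP/1.1" 404 0
10.0.0.5 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi/example.bat?&dir HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2024:10:00:12 +0000] "GET /cgi/example.bat?%26dir HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:05:00 +0000] "GET /cgi/example.bat?name=bob HTTP/1.1" 200 64
10.0.0.9 - - [01/Jan/2024:10:05:03 +0000] "GET /index.jsp HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+')
SCRIPT_EXT = (".bat", ".cmd")  # assumption: the thread itself only names .bat
SHELL_META = set("&|<>^")      # characters cmd.exe treats specially
ENUM_THRESHOLD = 3             # assumed: distinct script names per client before flagging


def analyze(log_text):
    """Return (clients enumerating batch scripts, command-line-style injection attempts)."""
    probes = defaultdict(set)
    injections = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        parts = urlsplit(target)
        path = unquote(parts.path).lower()
        if not path.endswith(SCRIPT_EXT):
            continue
        probes[client].add(path)
        # RFC 3875 section 4.4: a query without an unencoded "=" may reach the
        # script as command-line arguments, so decode it and look for metacharacters.
        if "=" not in parts.query:
            query = unquote(parts.query)
            if SHELL_META & set(query):
                injections.append((client, path, query, int(status)))
    enumerators = sorted(c for c, p in probes.items() if len(p) >= ENUM_THRESHOLD)
    return enumerators, injections


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Status codes are reported but not used as a filter, since one poster above observed the server answering 200 for any .bat request in a protected directory.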