@dodo said:
Hi! I’ve some problems using Python requests to exploit the initial RCE:
using the same exploit works locally, but when sending the payload to the server I get error 500.
I’ve also added the header application/x-www-form-urlencoded to the POST.
Do I need to add something as a header?
In exactly the same spot. Would love a nudge on the payload for RCE. Can post and check the result based on the hash. If the *1 string is not found I get a good 200 back with the string; if it is found it’s 500 each time, but works locally.
No need to add headers… just make a script to automate all the required jobs…
I should have mentioned this is all being done in the same Python script, leaving me to think it’s something to do with the payload encoding in the POST request.
If it works locally… then it will work remotely, but ensure to try all payloads and automate those tasks which are working behind the scenes according to that file (you know which I’m talking about…)
I have a love / hate relationship with this box. I love the things I’ve had to learn to get onto the box (albeit in a rubbish shell with no privs). I hate the constant failure at getting creds out of the DB.
Still, when I eventually get user or root, it will cheer me up…
So I cracked and came back to this tonight - a bit of time with the DB manpages and I’ve to usernames and passwords out of the DB. Tomorrow I get the “fun” task of working out where to use them…
Can anybody give me a clue about RCE? I could not succeed in getting it to work. I am getting badcharerror. I think the source of the error is a char, but I could not find a way to bypass it.
Rooted!!! Finally, after a long long ride. It’s been a fun, frustrating, and complex road, learnt a lot from this box… Any help or nudge wanted, you guys can PM me on Discord [vrvik#7626]
I’ve been in the low-priv (s)■■■■ forever. Enumerated all files I can back and forth, and nothing comes to focus. If anyone has a hint on getting from www-data to the next level, please share
I am confused… I have the source code, but I am struggling to understand what I can do with this. I am trying to host it locally by throwing a clone into /var/www/html but I don’t know enough about hosting an Apache2 site, apparently… Anyone wanna shoot me a tip?
Eyy guys! First comment here, I’m very stuck on RCE… something must be misunderstood by me for sure, because when I execute the vulnerability in c**** with any kind of payload I always receive 400 as the error code. I have seen many of you have received 500…
Can anyone give a little hint about this error? Thx!
I already have this one,
HINT for anyone who is in the same situation: try to find some application to run locally and analyze its code
Hello everyone,
I have a problem. I analyzed the code and I have a working payload on the local machine. The problem is that it is not working on the remote host. I tried many variations but I can’t figure out what’s wrong. Can someone PM me for a hint?
@TazWake said:
So I cracked and came back to this tonight - a bit of time with the DB manpages and I’ve to usernames and passwords out of the DB. Tomorrow I get the “fun” task of working out where to use them…
I’m in the same situation, it seems like it must be possible to “login” with that password as the user h***r, but using the typical commands “su”, “sudo”, … no way!