Official Chemistry Discussion

Peechie · November 12, 2024, 4:32pm

I took abit of a rage-quit break, but I’m back now! I ended up finding the localhost site, and port forwarded using ssh -L, but I’m still stuck ■■■■
Any tips? Sorry for the dumb questions lollll

Zoked · November 12, 2024, 4:33pm

rev shell is not working, I think the code is not even executing. Any way to check if the payload is working?

Peechie · November 12, 2024, 4:36pm

Hey, dude, can you pleeease help me on the root flag? I’m stuck! I got the user, and i found the localhost site, but i still have no clue where to go from here

Peechie · November 12, 2024, 4:37pm

Well, What error is your browser giving you? What payload are you using?

I could try help find the error

Zoked · November 12, 2024, 4:41pm

.cif exploit, browser is not the problem. The thing is when I click view, theres no connection. Already tried busybox and all type of shells

Peechie · November 12, 2024, 4:44pm

When you click view?
I’m guessing you are using CVE-2024-23346
The browser could help me narrow it down abit. For example some people are getting 502 errors, which would kinda help me see if its a problem with the browser or the payload!

DM the payload/files you are using to me in dms, ill test it abit and see if i can fix anything!

Zoked · November 12, 2024, 4:48pm

Yes using that CVE. Im getting error 500 after clicking view. Let me send you the payload.

PhantomFermi · November 12, 2024, 6:20pm

Have you enumerated the localhost website itself?

Did you find any interesting paths or sub directories?

Maybe Nmap might help you find things you overlooked.

Loaxert · November 12, 2024, 9:41pm

can someone help me i sent the file.cif with the payload but it doesn’t work

RoniNX1155 · November 13, 2024, 2:20am

Finnally

greenlander · November 13, 2024, 10:36am

google → file.cif vulnerability
number CVE github
edit exploit
this should work

greenlander · November 13, 2024, 3:18pm

rooted

Loaxert · November 13, 2024, 3:30pm

I’ve been doing that with different payloads, but it doesn’t work, I don’t know if it’s because the machine is bug or is my error

greenlander · November 14, 2024, 10:56am

Google → cif file exploit
number CVE github
second entry is very representative
it worked for me

ncooper · November 14, 2024, 1:36pm

Hello I can’t seem to get my cif file to work it seems to spin infintely then do nothing? Would anyone be abke to help?

Kemuus · November 14, 2024, 10:26pm

idk why but i have tried lots of shells and nothing is working, is it a box issue ?

ncooper · November 14, 2024, 10:50pm

Im having a simmilar issue

hthemus · November 16, 2024, 3:31am

Finally got it. Issue for me with the payload to get the foothold was that I was entering the wrong IP address. Doh.

tudes0 · November 16, 2024, 1:47pm

Hello, I found an xss flaw in the site to see the list of services, but I don’t understand what I can do with it, am I on the right path at least ?

wavedesigner · November 16, 2024, 2:40pm

Hi.
I obtained reverse shell but i can`t read data of the user. “cat user.txt”
As if it were empty.

Topic		Replies	Views
Official Resource Discussion Machines	153	4557	November 23, 2024
Official Compromised Discussion Machines	210	22184	January 25, 2021
Official Atom Discussion Machines	90	11279	July 8, 2021
Official EarlyAccess Discussion Machines	21	2628	February 5, 2022
Official Secret Discussion Machines	147	11304	March 24, 2022

Official Chemistry Discussion

Related topics