Official Chemistry Discussion

HTB Content Machines
131

DM me

132

Thatā€™s the assumption that makes the most sense, I guess. But I donā€™t know. Even if you could automate the whole thing or a big chunk of it, and account for every possible scenario (including a CIF file), the runtimes seem too good to run all steps to reach the flag with its different possible options. I have a hard time believing in such ā€˜miraculousā€™ scripts, but Iā€™m probably wrong :monkey:

Maybe thereā€™s another way in that doesnā€™t have anything to do with the apps or services of the challenge, but with the box itself.

133

How did you make the list, is it available anywhere? It sounds like a good idea, just wondering if thereā€™s a quicker way of grabbing it than manually copying each payload!

134

Found a PoC for exploiting a CIF file, swapped the code with a reverse shell payload from reverseshell.com. Iā€™ve got my listener running on my host, tried running it on the server, and even tested different payloads with Burp Intruder, but I still canā€™t get the code to execute through the CIF file. Any idea what I might be doing wrong?

135
136

I used the sh based reverse shell payload in file upload but getting an error of 500 internal server so how to fix it any leads ?

137

hi everyone, just started this machine 2 days ago. At that time i got also 8080 tcp open, now i cant see it openā€¦ is there a problem with the machine or thats for real?

138

real.

1 Like
139

Search ā€œCIF file exploitā€ in Google and look the code

140
141

Who can I DM for help?

142

DM me

143

What payload are you using?.. use the Busybox payload if you arenā€™t already and make sure your using sh instead of bash.

144

I have found vector to come to machine. but when i use poc file it returns 500 internal error. anyone help me? i use cif file poc.

145

Maybe thatā€™s a big hint, idk.

First: Google ā€œCIF file exploitationā€ and look at the code to see where to place the payload correctly.

Second: Encapsulate the payload to make it work

Good luck

146

check your netcat listener for a callbackā€¦

147

I opend port for reverse shell. but i canā€™t get any callbackā€¦ i used bash, nc reverse shell but nothing come backā€¦

148

DM me

1 Like
149

I canā€™t see the upload option in the site.
only login and register is there

150

you need to register first