Official Chemistry Discussion

Metahzsploit · October 22, 2024, 10:49pm

DM me

r0oks · October 23, 2024, 12:34am

That’s the assumption that makes the most sense, I guess. But I don’t know. Even if you could automate the whole thing or a big chunk of it, and account for every possible scenario (including a CIF file), the runtimes seem too good to run all steps to reach the flag with its different possible options. I have a hard time believing in such ‘miraculous’ scripts, but I’m probably wrong

Maybe there’s another way in that doesn’t have anything to do with the apps or services of the challenge, but with the box itself.

Jamessuperfun · October 23, 2024, 12:36pm

How did you make the list, is it available anywhere? It sounds like a good idea, just wondering if there’s a quicker way of grabbing it than manually copying each payload!

grnl · October 23, 2024, 1:56pm

Found a PoC for exploiting a CIF file, swapped the code with a reverse shell payload from reverseshell.com. I’ve got my listener running on my host, tried running it on the server, and even tested different payloads with Burp Intruder, but I still can’t get the code to execute through the CIF file. Any idea what I might be doing wrong?

francescoflora82 · October 23, 2024, 2:29pm

Cipherhash · October 23, 2024, 2:36pm

I used the sh based reverse shell payload in file upload but getting an error of 500 internal server so how to fix it any leads ?

Ripper1987 · October 23, 2024, 2:39pm

hi everyone, just started this machine 2 days ago. At that time i got also 8080 tcp open, now i cant see it open… is there a problem with the machine or thats for real?

Yw4rf · October 23, 2024, 2:40pm

real.

Yw4rf · October 23, 2024, 2:45pm

Search “CIF file exploit” in Google and look the code

BlatantStr1ker · October 23, 2024, 2:47pm

grnl · October 23, 2024, 3:11pm

Who can I DM for help?

Yw4rf · October 23, 2024, 3:18pm

DM me

Metahzsploit · October 23, 2024, 3:20pm

What payload are you using?.. use the Busybox payload if you aren’t already and make sure your using sh instead of bash.

nnknown · October 23, 2024, 3:35pm

I have found vector to come to machine. but when i use poc file it returns 500 internal error. anyone help me? i use cif file poc.

Yw4rf · October 23, 2024, 3:35pm

Maybe that’s a big hint, idk.

First: Google “CIF file exploitation” and look at the code to see where to place the payload correctly.

Second: Encapsulate the payload to make it work

Good luck

Metahzsploit · October 23, 2024, 3:36pm

check your netcat listener for a callback…

nnknown · October 23, 2024, 3:47pm

I opend port for reverse shell. but i can’t get any callback… i used bash, nc reverse shell but nothing come back…

Metahzsploit · October 23, 2024, 3:49pm

DM me

ashu_016 · October 23, 2024, 4:04pm

I can’t see the upload option in the site.
only login and register is there

Yw4rf · October 23, 2024, 4:22pm

you need to register first

Topic		Replies	Views
Official Resource Discussion Machines	153	4801	November 23, 2024
Official Compromised Discussion Machines	210	22382	January 25, 2021
Official Atom Discussion Machines	90	11332	July 8, 2021
Official EarlyAccess Discussion Machines	21	2632	February 5, 2022
Official Secret Discussion Machines	147	11403	March 24, 2022

Official Chemistry Discussion

Related topics