Hi All,
Need some help in the box 1.
After I RDP to the Foothold device, I can’t see any browser application. Is this expected in this Parrot OS.
If this is expected, how can I upload the file ?
Hi All,
Need some help in the box 1.
After I RDP to the Foothold device, I can’t see any browser application. Is this expected in this Parrot OS.
If this is expected, how can I upload the file ?
Often we use the GUI to navigate, can you think of an alternative way of opening an application?
Hi,
I used this:
https://charlesreid1.com/wiki/Metasploitable/Apache/Tomcat_and_Coyote
What you’ll have to do is set appropriate lhost, and so fourth, thereafter, set the appropriate target with set target
and show target
. There are appropriate payloads available, suggestively use a windows
reverse_tcp
. (show payloads
& set payloads
)
Hope it helps
Cheers
For anyone that is currently stuck on this the way i was:
Yes, you would be doing everything right if HTB was a little clearer with what IP you actually have once RDP’d to the foothold machine. If you’re just looking to get that question answered, the IP you should use as your LHOST when setting up the reverse shells is always 172.16.1.5. Happy hacking and dont let the small, frustrating parts of the journey keep you down.
sudo apt list | grep firefox
or firefox
For any one still stuck on this, msfvenom is your friend, just be careful on what options you use. The info gathered during the initial stage is important to determine the options.
I also spent too much time on host-1 looking for a browser, ended up using the burpsuite built in browser
Dear All,
in /usr/share/laudanum/jsp we have already a cmd.war. We can modify the only Ip Address in cmd.jsp, remake the war with makewar.sh script and upload this.
The correct url for to work after upload, is: http://172.16.1.11:8080/cmd/warfiles/cmd.jsp
Ok,
I also struggled around and finally figured out.
So, I used jsp war shell. Uploaded and got 500 error with long stacktrace as you can see above in some message.
Because I didn’t found Firefox I opened old browser Links. And it was issue.
When I ran in terminal firefox
browser opened and I ran this war file without issue.
For me my file was upload.war
and link to run it is http://172.16.1.11:8080/upload
Yeah, i tried running “firefox” in the terminal and it opened up firefox.
Perhaps look over your security settings in firefox.
no ,the firefox is the pwnbox built-in ones, i solved this issue by switch my pwn region to an EU box
having the same problem as you. did you ever find a solution?
switch a region of you pwnbox, or use the vpn instead of pwnbox
are you uploading via the bottom of status.inlanefreight.local using Burpesuite to intercept the upload and change the file type? or in Msfconsole?
Well, that one was quite difficult. Didn’t realise there was a Tomcat application directory I could navigate to, I was just trying to upload shells via the upload function at the bottom of the status.inlanefreight.local URL.
These helped me, managed to cobble together a solution:
Metasploitable/Apache/Tomcat and Coyote - charlesreid1
Shells and Payloads. Live engagement: Scenario: CAT5’s… | by Darshil Ashvinbhai Thummar | Medium
Solved, few important point
hi guys. im stuck here. I use auxiliary(scanner/http/tomcat_mgr_login but it didnt find right login and pass. what can be wrong?