Shells & payloads - The live engagement - host #1

Hi All,

Need some help in the box 1.

After I RDP to the Foothold device, I can’t see any browser application. Is this expected in this Parrot OS?

If this is expected, how can I upload the file?

Often we use the GUI to navigate, can you think of an alternative way of opening an application?

Hi,
I used this:
https://charlesreid1.com/wiki/Metasploitable/Apache/Tomcat_and_Coyote

What you’ll have to do is set the appropriate lhost, and so forth; thereafter, set the appropriate target with set target and show target. There are appropriate payloads available, suggestively use a Windows reverse_tcp. (show payloads & set payloads)

Hope it helps :slight_smile:
Cheers

For anyone that is currently stuck on this the way I was:

Yes, you would be doing everything right if HTB was a little clearer with what IP you actually have once RDP’d to the foothold machine. If you’re just looking to get that question answered, the IP you should use as your LHOST when setting up the reverse shells is always 172.16.1.5. Happy hacking and don’t let the small, frustrating parts of the journey keep you down.

sudo apt list | grep firefox

or firefox


For anyone still stuck on this, msfvenom is your friend, just be careful about what options you use. The info gathered during the initial stage is important to determine the options.

I also spent too much time on host-1 looking for a browser, ended up using the Burp Suite built-in browser :man_facepalming:

Dear All,
In /usr/share/laudanum/jsp we already have a cmd.war. We can modify only the IP address in cmd.jsp, remake the war with the makewar.sh script and upload this.

The correct URL for it to work after upload is: http://172.16.1.11:8080/cmd/warfiles/cmd.jsp

Ok,

I also struggled around and finally figured it out.
So, I used a jsp war shell. Uploaded and got a 500 error with a long stacktrace, as you can see above in some message.
Because I didn’t find Firefox, I opened the old browser Links. And that was the issue.
When I ran firefox in the terminal, the browser opened and I ran this war file without issue.

For me, my file was upload.war and the link to run it is http://172.16.1.11:8080/upload

Yeah, I tried running “firefox” in the terminal and it opened up Firefox.


Seems to be some connection issue between my Edge Pwnbox and the attack box.
I can’t upload a .aspx file or a .war file.
Can anybody give a hint?

Perhaps look over your security settings in firefox.

No, the Firefox is the Pwnbox built-in one. I solved this issue by switching my pwn region to an EU box.

Having the same problem as you. Did you ever find a solution?

Switch the region of your Pwnbox, or use the VPN instead of Pwnbox.

Are you uploading via the bottom of status.inlanefreight.local using Burp Suite to intercept the upload and change the file type? Or in msfconsole?

Well, that one was quite difficult. Didn’t realise there was a Tomcat application directory I could navigate to, I was just trying to upload shells via the upload function at the bottom of the status.inlanefreight.local URL.

These helped me, managed to cobble together a solution:
Metasploitable/Apache/Tomcat and Coyote - charlesreid1
Shells and Payloads. Live engagement: Scenario: CAT5’s… | by Darshil Ashvinbhai Thummar | Medium

Solved, a few important points:

  1. use 172.16.1.5 (from ifconfig)
  2. Modify the msfvenom in the cheat sheet (the war one), generate the payload using the jsp reverse shell to war file in the cheat sheet, and set the port to something else (I use port 4321)
  3. Start listening: sudo nc -lvnp 4321
  4. Upload the war file from tomcat using the user/pass provided
  5. Got the shell access
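
Seen from the Tomcat host, the manager WAR upload discussed in this thread leaves a recognisable trail in the access log. The Python sketch below is an added example, not part of any post here: it flags a web application context that is first requested shortly after a successful POST to /manager/html/upload. It assumes Tomcat's `common` access-log pattern; the log lines, addresses, user name, context names and the 10-minute window are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumes the AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE = re.compile(r'(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')
UPLOAD = "/manager/html/upload"  # target of the Manager GUI WAR upload form
WINDOW = timedelta(minutes=10)   # assumed correlation window

# Constructed sample log: addresses, user and context names are made up.
SAMPLE = """\
192.0.2.10 - - [10/Mar/2024:10:00:01 +0000] "GET /manager/html HTTP/1.1" 401 2473
192.0.2.10 - admin [10/Mar/2024:10:00:05 +0000] "GET /manager/html HTTP/1.1" 200 19000
198.51.100.7 - - [10/Mar/2024:10:00:40 +0000] "GET /docs/index.html HTTP/1.1" 200 1000
192.0.2.10 - admin [10/Mar/2024:10:01:10 +0000] "POST /manager/html/upload?org.apache.catalina.filters.CSRF_NONCE=X HTTP/1.1" 200 21000
192.0.2.10 - - [10/Mar/2024:10:01:30 +0000] "GET /report/ HTTP/1.1" 200 512
198.51.100.7 - - [10/Mar/2024:10:02:00 +0000] "GET /docs/api/ HTTP/1.1" 200 900
"""

def parse(text):
    # Yield (host, user, time, method, path, status) for each parseable line.
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            host, user, ts, method, uri, status = m.groups()
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield host, user, when, method, uri.split("?", 1)[0], int(status)

def context_of(path):
    # The first path segment is the web application context ("/" is ROOT).
    return "/" + path.lstrip("/").split("/", 1)[0]

def find_new_contexts_after_upload(text):
    seen, uploads, alerts = set(), [], []
    for host, user, when, method, path, status in parse(text):
        ctx = context_of(path)
        if method == "POST" and path == UPLOAD and status == 200:
            uploads.append((host, user, when))
            seen.add(ctx)
            continue
        if status == 404 or ctx in seen:
            continue  # 404: no such application is deployed (yet)
        seen.add(ctx)
        # A legitimate context first requested inside the window also lands
        # here, so review alerts against the expected application list.
        for up_host, up_user, up_when in uploads:
            if timedelta(0) <= when - up_when <= WINDOW:
                alerts.append({"context": ctx, "uploaded_from": up_host,
                               "manager_user": up_user, "first_hit_by": host})
                break
    return alerts
```

Calling `find_new_contexts_after_upload(SAMPLE)` returns one alert, for the `/report` context deployed by the `admin` manager user.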

Hi guys. I’m stuck here. I use auxiliary(scanner/http/tomcat_mgr_login) but it didn’t find the right login and pass. What can be wrong?