Shells & Payloads | The Live Engagement

While exploiting host-02 (blog),
I realized that the Metasploit script 50064.rb has an error (it can’t get the CSRF token).
I made it work like this:

     raw_body = res.body.to_s
     token_pos = raw_body =~ /"[abcdef0-9]{10}"}/
     token_raw = raw_body[token_pos + 1, token_pos + 10] #this doesn't work as I expect, the next line is a workaround
     token = token_raw[0..9]

to be put in place of the two lines

     token = res.body.split('":"')[1].split('"')[0]
     # token = res.to_s.scan(/"[abcdef0-9]{10}"}/)[0].to_s.tr('"}', '')

in the login function.
I apologize to Ruby purists, but I don’t know this language, so I’m sure there is a more elegant way to do what I did :smiley:


Hey all, I’ve recently been stuck on box 2 of the assessment. I’m trying to use the exploit mentioned in the blog, but keep encountering this error:

Has anyone encountered this before?

That gives me this error:

     msf6 exploit(50064) > run

     [-] Exploit failed: NoMethodError undefined method `+' for nil:NilClass
     [*] Exploit completed, but no session was created.

Thanks to jarednexgent, who helped me find out I was getting this wrong. The issue was that I was filling in TARGETURI and VHOST with blog.inlanefreight.local because I thought TARGETURI was required. Turns out only VHOST was needed.

The error I was getting due to populating both TARGETURI and VHOST:

     NoMethodError undefined method ‘split’ for nil:NilClass
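
An added example, not part of any post in this thread or of 50064.rb: it reproduces both `NoMethodError` messages above on a body that carries no token, shows why the `[token_pos + 1, token_pos + 10]` slice over-reads, and gives a parse that fails with a readable message. The response bodies, the `token` key name and the helper names are constructed assumptions.

```ruby
# Constructed sample bodies (assumptions; not captured from the lab).
SAMPLE_OK   = '{"token":"0a1b2c3d4e"}'                   # 10 hex chars followed by "}
SAMPLE_HTML = '<html><body>404 Not Found</body></html>'  # a reply that carries no token

TOKEN_RE = /"([abcdef0-9]{10})"\}/

# Parsing style of the two lines being replaced: chained split.
# With no '":"' in the body, split returns one element, [1] is nil,
# and nil.split raises NoMethodError.
def token_by_split(body)
  body.split('":"')[1].split('"')[0]
end

# Parsing style of the replacement: match position plus slice.
# String#[start, length] takes a LENGTH, so [pos + 1, pos + 10] reads
# too far whenever pos > 0; [pos + 1, 10] is the exact slice.
# With no match, pos is nil and nil + 1 raises NoMethodError.
def token_by_index(body)
  pos = body =~ TOKEN_RE
  body[pos + 1, 10]
end

# Capture group plus an explicit check: the failure names the real
# problem (unexpected response) instead of a nil dereference.
def extract_token(body)
  m = TOKEN_RE.match(body.to_s)
  raise ArgumentError, "no token in response: #{body.to_s[0, 40].inspect}" unless m
  m[1]
end

# Helper: run a block and return "Class: message" if it raises, else nil.
def error_for
  yield
  nil
rescue StandardError => e
  "#{e.class}: #{e.message}"
end

if __FILE__ == $PROGRAM_NAME
  puts extract_token(SAMPLE_OK)
  puts error_for { token_by_split(SAMPLE_HTML) }
  puts error_for { token_by_index(SAMPLE_HTML) }
  puts error_for { extract_token(SAMPLE_HTML) }
end
```

Both nil errors mean the same thing: the response did not contain a token in the expected shape, so the request options are the first thing to check.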