Cyber Apocalypse 2024
by Bendelladj1 - Saturday March 9, 2024 at 02:05 PM
(Mar 12, 2024, 09:49 AM)valer4ik312 Wrote: Who can help with KORP Terminal???
I know I need to use SQLi, but I can't get the query right.
Here's what I tried: username=admin'+--+-+&password=a

sqlmap will do the job for you.
Reply
(Mar 12, 2024, 02:40 PM)nefyy Wrote:
(Mar 12, 2024, 02:27 PM)cybr3d Wrote:
(Mar 12, 2024, 01:51 PM)nefyy Wrote: Any hint for LockTalk step 2, getting admin role token?

It's "administrator" not "admin"

Sure, it is. My bad. Any ideas?

Take a look at python-jwt. Maybe some CVE will help you escalate from guest to administrator.
Reply
(Mar 12, 2024, 02:27 PM)cybr3d Wrote:
(Mar 12, 2024, 01:51 PM)nefyy Wrote: Any hint for LockTalk step 2, getting admin role token?

It's "administrator" not "admin"

Yes, it's "administrator", but after changing the JWT
eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MTAyNTc3NzgsImlhdCI6MTcxMDI1NDE3OCwianRpIjoiNVZxTHpSMHZNcnFqd2JtZ3VQSDJLdyIsIm5iZiI6MTcxMDI1NDE3OCwicm9sZSI6ImFkbWluaXN0cmF0b3IiLCJ1c2VyIjoiYWRtaW4ifQ.olfGvbPeTnIIYIvs6AuVv3lHkWuZ3LtM_rsekP_wulMsEC19unWVumaFjRWmAcCm7_e5zmG6sFPyjKCbXnxybv6Mrw_sfiznTkoZYBxMbKu_ogZMw6sSIolNF_9l_KvdnFyqbp_fs1s8DN5QouNzvQ9fniVTSBUF2N2faZgnmcfJQY179Atq08w0DctRnVmY3rrV0bMFS4HAA9X7YagsFooyOVh9fdyetLtZemFjejLkXlvcEQvt5timyB8_lMSpGL0PEWp5wkZrH_7g5z6WXxjsGXxBQLeum-f8JSI43CNRTkgTiw8glYsDVK2SWYmYDdnLMHHnrEoUwz4s2Yz-9g

I am getting this error {"error":"Verification failed for all signatures["Failed: [InvalidJWSSignature('Verification failed')]"]","message":"JWT token verification failed."}

I even found password in chat 10 B@N$m@piDSvsErZQc(XEEuy6c

Used it as a private key in JWTtool
but still the same error. Plz help

Reply
(Mar 12, 2024, 02:55 PM)not_a_30t Wrote:
(Mar 12, 2024, 02:27 PM)cybr3d Wrote:
(Mar 12, 2024, 01:51 PM)nefyy Wrote: Any hint for LockTalk step 2, getting admin role token?

It's "administrator" not "admin"

Yes, it's "administrator", but after changing the JWT
eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MTAyNTc3NzgsImlhdCI6MTcxMDI1NDE3OCwianRpIjoiNVZxTHpSMHZNcnFqd2JtZ3VQSDJLdyIsIm5iZiI6MTcxMDI1NDE3OCwicm9sZSI6ImFkbWluaXN0cmF0b3IiLCJ1c2VyIjoiYWRtaW4ifQ.olfGvbPeTnIIYIvs6AuVv3lHkWuZ3LtM_rsekP_wulMsEC19unWVumaFjRWmAcCm7_e5zmG6sFPyjKCbXnxybv6Mrw_sfiznTkoZYBxMbKu_ogZMw6sSIolNF_9l_KvdnFyqbp_fs1s8DN5QouNzvQ9fniVTSBUF2N2faZgnmcfJQY179Atq08w0DctRnVmY3rrV0bMFS4HAA9X7YagsFooyOVh9fdyetLtZemFjejLkXlvcEQvt5timyB8_lMSpGL0PEWp5wkZrH_7g5z6WXxjsGXxBQLeum-f8JSI43CNRTkgTiw8glYsDVK2SWYmYDdnLMHHnrEoUwz4s2Yz-9g

I am getting this error {"error":"Verification failed for all signatures["Failed: [InvalidJWSSignature('Verification failed')]"]","message":"JWT token verification failed."}

I even found password in chat 10 B@N$m@piDSvsErZQc(XEEuy6c

Used it as a private key in JWTtool
but still the same error. Plz help
Google exploit for jwt library
Reply
Yo, can anyone tell me why this payload:
Phreaks(Phreaks.__init__.__globals__.__getitem__("__builtins__").eval("__import__(\\"subprocess\\").getoutput(\\"ls\\")"), "", 1)

does not pass the checks in Were Pickle Phreaks? I can't seem to wrap my head around why this does not work, even locally.
Reply
(Mar 12, 2024, 03:00 PM)xemyll Wrote:
(Mar 12, 2024, 02:55 PM)not_a_30t Wrote:
(Mar 12, 2024, 02:27 PM)cybr3d Wrote:
(Mar 12, 2024, 01:51 PM)nefyy Wrote: Any hint for LockTalk step 2, getting admin role token?

It's "administrator" not "admin"

Yes, it's "administrator", but after changing the JWT
eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MTAyNTc3NzgsImlhdCI6MTcxMDI1NDE3OCwianRpIjoiNVZxTHpSMHZNcnFqd2JtZ3VQSDJLdyIsIm5iZiI6MTcxMDI1NDE3OCwicm9sZSI6ImFkbWluaXN0cmF0b3IiLCJ1c2VyIjoiYWRtaW4ifQ.olfGvbPeTnIIYIvs6AuVv3lHkWuZ3LtM_rsekP_wulMsEC19unWVumaFjRWmAcCm7_e5zmG6sFPyjKCbXnxybv6Mrw_sfiznTkoZYBxMbKu_ogZMw6sSIolNF_9l_KvdnFyqbp_fs1s8DN5QouNzvQ9fniVTSBUF2N2faZgnmcfJQY179Atq08w0DctRnVmY3rrV0bMFS4HAA9X7YagsFooyOVh9fdyetLtZemFjejLkXlvcEQvt5timyB8_lMSpGL0PEWp5wkZrH_7g5z6WXxjsGXxBQLeum-f8JSI43CNRTkgTiw8glYsDVK2SWYmYDdnLMHHnrEoUwz4s2Yz-9g

I am getting this error {"error":"Verification failed for all signatures["Failed: [InvalidJWSSignature('Verification failed')]"]","message":"JWT token verification failed."}

I even found password in chat 10 B@N$m@piDSvsErZQc(XEEuy6c

Used it as a private key in JWTtool
but still the same error. Plz help
Google exploit for jwt library

If you are referring to the NoNe attack, I have tried it; even bruteforcing the PS256 failed

Reply
Trading.

Path of Survival, MultiDigilingual, Were Pickle Phreaks Revenge, Quantum Conundrum
Confinement
Metagaming, QuickScan, FollowThePath
Tsayaki, Permuted, Partial Tenacity, Arranged
Maze of Mist, Oracle, Deathnote
Ledger Heist
Flash-ing Logs
Reply
(Mar 12, 2024, 03:27 PM)not_a_30t Wrote:
(Mar 12, 2024, 03:00 PM)xemyll Wrote:
(Mar 12, 2024, 02:55 PM)not_a_30t Wrote:
(Mar 12, 2024, 02:27 PM)cybr3d Wrote:
(Mar 12, 2024, 01:51 PM)nefyy Wrote: Any hint for LockTalk step 2, getting admin role token?

It's "administrator" not "admin"

Yes, it's "administrator", but after changing the JWT
eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MTAyNTc3NzgsImlhdCI6MTcxMDI1NDE3OCwianRpIjoiNVZxTHpSMHZNcnFqd2JtZ3VQSDJLdyIsIm5iZiI6MTcxMDI1NDE3OCwicm9sZSI6ImFkbWluaXN0cmF0b3IiLCJ1c2VyIjoiYWRtaW4ifQ.olfGvbPeTnIIYIvs6AuVv3lHkWuZ3LtM_rsekP_wulMsEC19unWVumaFjRWmAcCm7_e5zmG6sFPyjKCbXnxybv6Mrw_sfiznTkoZYBxMbKu_ogZMw6sSIolNF_9l_KvdnFyqbp_fs1s8DN5QouNzvQ9fniVTSBUF2N2faZgnmcfJQY179Atq08w0DctRnVmY3rrV0bMFS4HAA9X7YagsFooyOVh9fdyetLtZemFjejLkXlvcEQvt5timyB8_lMSpGL0PEWp5wkZrH_7g5z6WXxjsGXxBQLeum-f8JSI43CNRTkgTiw8glYsDVK2SWYmYDdnLMHHnrEoUwz4s2Yz-9g

I am getting this error {"error":"Verification failed for all signatures["Failed: [InvalidJWSSignature('Verification failed')]"]","message":"JWT token verification failed."}

I even found password in chat 10 B@N$m@piDSvsErZQc(XEEuy6c

Used it as a private key in JWTtool
but still the same error. Plz help
Google exploit for jwt library

If you are referring to the NoNe attack, I have tried it; even bruteforcing the PS256 failed
https://nvd.nist.gov/vuln/detail/CVE-2022-39227
Reply
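A defender-side gate for the token problems raised in the posts above (the `none` algorithm and a verification flaw in the JWT library), added here as an example and not taken from the challenge or from python-jwt. It accepts only strict three-segment compact tokens carrying the pinned algorithm before any library verifier runs; `precheck_compact_jws`, `sample_segment` and the sample tokens are hypothetical names and constructed values, and the check complements a library upgrade rather than replacing it.

```python
import base64
import json
import re

EXPECTED_ALG = "PS256"  # pinned server-side; same alg as the header of the token quoted above
_B64URL = re.compile(r"[A-Za-z0-9_-]+")


def _b64url_json(segment):
    """Decode one unpadded base64url segment into a JSON value."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def precheck_compact_jws(token):
    """Shape/algorithm gate to run BEFORE signature verification.

    Returns (True, header) or (False, reason). It never verifies the signature.
    """
    parts = token.split(".") if isinstance(token, str) else []
    if len(parts) != 3:
        return False, "expected exactly three dot-separated segments"
    if not all(_B64URL.fullmatch(p) for p in parts):
        return False, "empty or non-base64url segment"
    try:
        header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    except ValueError:
        return False, "header or payload is not valid JSON"
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return False, "header and payload must be JSON objects"
    if header.get("alg") != EXPECTED_ALG:
        return False, "algorithm is not the pinned one"
    return True, header


def sample_segment(obj):
    """Build one constructed sample segment from a Python object."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed samples; "c2ln" is a placeholder, not a real signature.
SIGNED_SHAPE = ".".join(
    [sample_segment({"alg": "PS256", "typ": "JWT"}), sample_segment({"role": "guest"}), "c2ln"])
UNSIGNED = ".".join(
    [sample_segment({"alg": "NoNe"}), sample_segment({"role": "administrator"}), ""])
JSON_FORM = json.dumps(
    {"protected": sample_segment({"alg": "PS256"}), "payload": "e30", "signature": "c2ln"})
```

A token that passes this gate still has to pass signature verification with the server's public key; the gate only narrows what the verifier is ever asked to parse.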
Any hints/attacks for testimonial (web)?
Reply
(Mar 12, 2024, 03:24 PM)Drym Wrote: Yo, can anyone tell me why this payload:
Phreaks(Phreaks.__init__.__globals__.__getitem__("__builtins__").eval("__import__(\\"subprocess\\").getoutput(\\"ls\\")"), "", 1)

does not pass the checks in Were Pickle Phreaks? I can't seem to wrap my head around why this does not work, even locally.

"__builtins__" module is not allowed in the unpickle function.
Reply
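The kind of check the last reply refers to lives in `pickle.Unpickler.find_class`, which is called for every global a pickle stream names. The following added example (not the challenge's code; both lists and all class names are assumptions) puts a module denylist beside an exact-match allowlist to show why the allowlist is the form to deploy.

```python
import collections
import io
import math
import pickle

# Assumed policies for illustration; not the challenge's real lists.
DENYLIST = {"builtins", "__builtins__", "os", "subprocess"}
ALLOWLIST = {("collections", "OrderedDict")}


class DenylistUnpickler(pickle.Unpickler):
    """Weak form: blocks named modules, admits everything else."""

    def find_class(self, module, name):
        if module in DENYLIST:
            raise pickle.UnpicklingError(f"blocked: {module}.{name}")
        return super().find_class(module, name)


class AllowlistUnpickler(pickle.Unpickler):
    """Hardened form: only exact (module, name) pairs resolve."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWLIST:
            raise pickle.UnpicklingError(f"not allowlisted: {module}.{name}")
        return super().find_class(module, name)


def try_load(unpickler_cls, data):
    """Return ('ok', obj) or ('rejected', reason) for one pickle stream."""
    try:
        return "ok", unpickler_cls(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return "rejected", str(exc)


# Constructed sample streams; loading them only resolves names, nothing is called.
SAMPLES = {
    "plain data": pickle.dumps({"name": "a", "rank": 1}),
    "allowlisted class": pickle.dumps(collections.OrderedDict(a=1)),
    "builtins global": pickle.dumps(len),
    "unlisted global": pickle.dumps(math.sqrt),
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(label, try_load(DenylistUnpickler, data)[0],
              try_load(AllowlistUnpickler, data)[0])
```

Both unpicklers reject the `builtins` reference, but only the allowlist also rejects the global from a module nobody thought to name.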

