Possibly Related Threads…

Ryzzle · Jun 08, 2024, 08:23 PM

api.api_server = http://api.blurry.htb
api.web_server = http://app.blurry.htb
api.files_server = http://files.blurry.htb
api.credentials.access_key = 8TL83TDO2YXCQ4789DE4

In pyTorch Lightning MNIST console view

osamy7593 · Jun 08, 2024, 08:24 PM

(Jun 08, 2024, 08:14 PM)mxntysec Wrote: You can execute tasks with an ClearML agent, the problem is the web app doesn't have its own agent and using your own agent will only get you code exec as yourself...

──(root?kali)-[~/…/Medium/Blurry/enumeration/web]
└─# python -m http.server 80
Serving HTTP on 0.0.0.0 port 80 (http://0.0.0.0:80/) ...
10.10.14.45 - - [08/Jun/2024 13:05:49] "GET /shell.sh HTTP/1.1" 200

bro how did u do that ? u type what ?

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

mxntysec · Jun 08, 2024, 08:26 PM

(Jun 08, 2024, 08:24 PM)osamy7593 Wrote:
(Jun 08, 2024, 08:14 PM)mxntysec Wrote: You can execute tasks with an ClearML agent, the problem is the web app doesn't have its own agent and using your own agent will only get you code exec as yourself...

──(root?kali)-[~/…/Medium/Blurry/enumeration/web]
└─# python -m http.server 80
Serving HTTP on 0.0.0.0 port 80 (http://0.0.0.0:80/) ...
10.10.14.45 - - [08/Jun/2024 13:05:49] "GET /shell.sh HTTP/1.1" 200

bro how did u do that ? u type what ?

1. pip install clearml-agent

2. clearml-agent init (configure this)

3. clearml-agent daemon --queue default

4. upload a task

5. get code exec

but the web server has no agent's itself, and we can start one but it will execute everything on our behalf (we will not get code execution on the web server)

ritualist · Jun 08, 2024, 08:28 PM

Check the hint in rocket chat.
Add the review tag and jippity will execute it.

osamy7593 · Jun 08, 2024, 08:29 PM

(Jun 08, 2024, 08:23 PM)Ryzzle Wrote: api.api_server = http://api.blurry.htb
api.web_server = http://app.blurry.htb
api.files_server = http://files.blurry.htb
api.credentials.access_key = 8TL83TDO2YXCQ4789DE4

In pyTorch Lightning MNIST console view

how to use this api key

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

osamy7593 · Jun 08, 2024, 08:39 PM

(Jun 08, 2024, 08:32 PM)defacddd Wrote: i have a script that follows the blog about rce but cant figure out how to make a get request to the artifact

# Fetch the artifact using the 'get' method
preprocess_task = Task.get_task(task_name=task_name, project_name='Yung Lean') # Corrected task and project names
preprocess_task.artifacts['netcat.pkl'].get()

Error:
clearml.storage - ERROR - Failed creating storage object file:// Reason: 'NoneType' object has no attribute 'startswith'
AttributeError: 'NoneType' object has no attribute 'base_url'

Im in the clearml github and i dont see any methods that can help so im gonna start looking into api again

Edit:
blog says 'a user calls the get method within the Artifact class'

if ur making script without chatgpt:

look into artifact.get() and get_local_copy, need help understanding error
https://github.com/allegroai/clearml/blo...tifacts.py

clearml doc on interacting with artifacts:
https://clear.ml/docs/latest/docs/guides...n-artifact

u mean we can upload .py script and run it to get a shell?

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

Szakyro · Jun 08, 2024, 08:40 PM

(Jun 08, 2024, 08:28 PM)ritualist Wrote: Check the hint in rocket chat.
Add the review tag and jippity will execute it.

I'm not finding that review tag

ritualist · Jun 08, 2024, 08:41 PM

https://hiddenlayer.com/research/not-so-...ply-chain/

Use the pickle code from here

As the article says, it will wrap it in another pickle which will break it. I modified the artifacty.py in the library to directly use my pickle. No need to mess with API.
Add review tag.
Try some rev shells, one will work.

Szakyro · Jun 08, 2024, 08:55 PM

(Jun 08, 2024, 08:41 PM)ritualist Wrote: https://hiddenlayer.com/research/not-so-...ply-chain/

Use the pickle code from here

As the article says, it will wrap it in another pickle which will break it. I modified the artifacty.py in the library to directly use my pickle. No need to mess with API.
Add review tag.
Try some rev shells, one will work.

I've got no ideea why but I made the same script as the one in the video and it doesn't work...

osamy7593 · (This post was last modified: Jun 08, 2024, 09:03 PM by osamy7593.)

what shell u used ? python or bash ?

the shell returns from my machine ?? why connect to [10.10.14.216] from (UNKNOWN) [10.10.14.216] 52776

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	[FREE] HackTheBox All Cheatsheets	Tamarisk	15	791	41 minutes ago Last Post: 0x5k1z0
	CPTS-FLAG	darkcat	14	5,718	1 hour ago Last Post: Sukon
	[FREE] CPTS 12 FLAGS	pulsebreaker	78	2,594	1 hour ago Last Post: hitlerssecretsidechick
	[MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot	htb-bot	91	8,272	1 hour ago Last Post: hitlerssecretsidechick
	[FREE] 300+ Writeups PDF HackTheBox/HTB premium retired	Tamarisk	381	94,466	4 hours ago Last Post: xixi75