[gotti1312]

i got mysql pwd but cant log in directly :/

How did u find it?

[chillywilly]

i got mysql pwd but cant log in directly :/

How did u find it?

bruteforcing the script

[someonesomewhere]

Any hints for root ? Im going mad

[chillywilly]

script pw is not properly escaped

not seeing where this being passed in a context where shell globbing or expansion could occur in an unintended way

[ox9Days]

has anyone got any ideas for root? the backup.sh file seems to be the one but can't find anything wrong with it

[ajasjas]

Unescaped variable use in conditionals can be influenced to always validate true.

[nenandjabhata]

Unescaped variable use in conditionals can be influenced to always validate true.

I found this poc, "https://gist.github.com/arkark/c1c57eaf3e0a649af1a70c2b93b17550" But i don't know how to use.
Can you help for foothold user

[Jac0810]

Unescaped variable use in conditionals can be influenced to always validate true.

I found this poc, "https://gist.github.com/arkark/c1c57eaf3e0a649af1a70c2b93b17550" But i don't know how to use.
Can you help for foothold user

I used this 
https://gist.github.com/leesh3288/381b23...90cc8bb244

only change the command "touch"

[blade33]

here is useful link for root:
https://tldp.org/LDP/abs/html/comparison-ops.html

[Azad23]

here is useful link for root:
https://tldp.org/LDP/abs/html/comparison-ops.html

nice link ...

user hints : 
there are two ways :all the  PoCs  here valid and working , or u can use require('node:child_process')  and write your own ... each them end up whit RCE 

Root : 
2 ways : exfill char by char , manually or via script  OR u can use  2 ssh session and pspy but may is the unintended way,faster for sure 

p.s. if u want learn do a jucy script to exfill chars

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | https://breachforums.ai/Forum-Ban-Appeals if you feel this is incorrect.