[fazemike]

i tried to load test.dll generated from msfvenom to /opt/components it worked but as i try to run it i get Bad IL Format

how could you load it in /opt/components?

[jsvensson]

i tried to load test.dll generated from msfvenom to /opt/components it worked but as i try to run it i get Bad IL Format

how could you load it in /opt/components?

Using burp intercept and Upload content - first i generated long name for my dll for example:
aabaabaabaabaabaabaabaabaaboptEcomponentsEtest.dll
when intercepted change to:
../../../../../../../../../opt/components/test.dll

i think it have to hava same char numbers when you change name because other way i got error in json

[htbtester12]

i tried to load test.dll generated from msfvenom to /opt/components it worked but as i try to run it i get Bad IL Format

how could you load it in /opt/components?

Using burp intercept and Upload content - first i generated long name for my dll for example:
aabaabaabaabaabaabaabaabaaboptEcomponentsEtest.dll
when intercepted change to:
../../../../../../../../../opt/components/test.dll

i think it have to hava same char numbers when you change name because other way i got error in json

We probably need to use the path traversal finding on port 80 to grab a valid .dll file, such as Logs.dll. decompile the code and insert our own reverse shell into it. Compile the dll file again so it matching the same kind of structure to avoid the bad format thingi.

maybe something like this: https://sid4hack.medium.com/malware-deve...48f5ebbafe

[AdenBilal]

I found this on official discussion forums

found a hint somewhere else for initial foothold. anyways, if anyone needs a very slight nudge look for web servers

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[psy00ps1337]

Why are you all trying to get a windows shell in a Linux machine? this is .NET, not Windows.

[shadow__monarch]

Is anybody know how to get shell ?

[olkn00b]

i tried to load test.dll generated from msfvenom to /opt/components it worked but as i try to run it i get Bad IL Format

I was able to upload to that path, but how did you get it to run?

[Pegasus505]

this is detailed thanks mate , i was stuck in the dll file part

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Reposting for credits

[ipfi]

Additional Ports via SSRF (Skipper):

5000 (blazor)
8000 (same as on 80)

How to get there:

GET / HTTP/1.1
Host: lantern.htb
X-Skipper-Proxy: http://127.0.0.1:5000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

---

on GET /_framework/blazor.boot.json are all blazor dlls,
via /_framework/InternaLantern.dll you can download them

seems to be blazor .Net decompiling again

how did u find the open ports?
I've run burp with intruder and sniper on x-skipper-proxy: http:/127.0.0.1:§port§ but this can't be the wright way.

Also, how did u find the _framework/blazor.boot.json and _framework/InternaLantern.dll?

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching.

[M4nasCieL]

i tried to load test.dll generated from msfvenom to /opt/components it worked but as i try to run it i get Bad IL Format

how could you load it in /opt/components?

Using burp intercept and Upload content - first i generated long name for my dll for example:
aabaabaabaabaabaabaabaabaaboptEcomponentsEtest.dll
when intercepted change to:
../../../../../../../../../opt/components/test.dll

i think it have to hava same char numbers when you change name because other way i got error in json

We probably need to use the path traversal finding on port 80 to grab a valid .dll file, such as Logs.dll. decompile the code and insert our own reverse shell into it. Compile the dll file again so it matching the same kind of structure to avoid the bad format thingi.

maybe something like this: https://sid4hack.medium.com/malware-deve...48f5ebbafe

thanks for this