[juandaredevil1337]

Olá pessoal, estou tendo esse erro ao tentar obter o shell root: 2024-08-29 14:54:03 +00 - [Warning-Duplicati.Library.Modules.Builtin.RunScript-ScriptExecuteError]: Erro ao executar o script "/source/tmp/script.sh": ApplicationName='/source/tmp/script.sh', CommandLine='', CurrentDirectory='', Native error= Acesso negado Win32Exception: ApplicationName='/source/tmp/script.sh', CommandLine='', CurrentDirectory='', Native error= Acesso negado

[dmitry7750]

Anyone Tell me how i get the root flag plz.

Goddamn блять do you can read pre - previous post??

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[juandaredevil1337]

Anyone Tell me how i get the root flag plz.

Goddamn блять do you can read pre - previous post??

why am I getting error: 2024-08-29 17:17:53 +00 - [Warning-Duplicati.Library.Modules.Builtin.RunScript-ScriptExecuteError]: Error while executing script "/source/tmp/script.sh": ApplicationName='/source/tmp/script.sh', CommandLine='', CurrentDirectory='', Native error= Access denied Win32Exception: ApplicationName='/source/tmp/script.sh', CommandLine='', CurrentDirectory='', Native error= Access denied

---

please can anyone provide a clear step-by-step of how to obtain the root flag in duplicati dashboard after logging in? what file or directory should i back up and restore? and how the hell can you even get a root shell with chisel active in marcus, and i cant authenticate the marcus ssh key in my machine.. make it comprehensive pls i really appreciate it

Go to settings ­ ­­- Add advanced option : Select "run-script-before"
put the path of your rev shell script (/tmp/rev.sh) : /source/tmp/rev.sh
Create from marcus session the /tmp/rev.sh with your reverse shell payload and make sure to make the file executable.
From Home, run the cacti backup with "Run now"
You should get shell with your listener waiting

Hello friend, I get this error here: 2024-08-29 17:26:31 +00 - [Warning-Duplicati.Library.Modules.Builtin.RunScript-ScriptExecuteError]: Error while executing script "/source/tmp/script.sh": ApplicationName='/source/tmp/script.sh', CommandLine='', CurrentDirectory='', Native error= Access denied Win32Exception: ApplicationName='/source/tmp/script.sh', CommandLine='', CurrentDirectory='', Native error= Access denied

[dmitry7750]

Anyone Tell me how i get the root flag plz.

Goddamn блять do you can read pre - previous post??

why am I getting error: 2024-08-29 17:17:53 +00 - [Warning-Duplicati.Library.Modules.Builtin.RunScript-ScriptExecuteError]: Error while executing script "/source/tmp/script.sh": ApplicationName='/source/tmp/script.sh', CommandLine='', CurrentDirectory='', Native error= Access denied Win32Exception: ApplicationName='/source/tmp/script.sh', CommandLine='', CurrentDirectory='', Native error= Access denied

---

please can anyone provide a clear step-by-step of how to obtain the root flag in duplicati dashboard after logging in? what file or directory should i back up and restore? and how the hell can you even get a root shell with chisel active in marcus, and i cant authenticate the marcus ssh key in my machine.. make it comprehensive pls i really appreciate it

Go to settings ­ ­­- Add advanced option : Select "run-script-before"
put the path of your rev shell script (/tmp/rev.sh) : /source/tmp/rev.sh
Create from marcus session the /tmp/rev.sh with your reverse shell payload and make sure to make the file executable.
From Home, run the cacti backup with "Run now"
You should get shell with your listener waiting

Hello friend, I get this error here: 2024-08-29 17:26:31 +00 - [Warning-Duplicati.Library.Modules.Builtin.RunScript-ScriptExecuteError]: Error while executing script "/source/tmp/script.sh": ApplicationName='/source/tmp/script.sh', CommandLine='', CurrentDirectory='', Native error= Access denied Win32Exception: ApplicationName='/source/tmp/script.sh', CommandLine='', CurrentDirectory='', Native error= Access denied

One typo
noncepwd is wrong. try noncedpwd .

var noncedpwd = CryptoJS.SHA256(CryptoJS.enc.Hex.parse(CryptoJS.enc.Base64.parse('value_of_NONCE') + 'value_of_hex_server_passphrase')).toString(CryptoJS.enc.Base64);

Any question you can found answer in these articles:
https://medium.com/@STarXT/duplicati-byp...4d6991e9ee
https://github.com/duplicati/duplicati/issues/5197

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[J1ke]

can somebody drop the hash this shit is taking forever

dont do time-based, other injection methods work too

The only thing that worked was Stacked Query, basically changing the admin password hash to something like md5 of '1234' and using that pw to login, but I don't see anything interesting and the hashes can't be cracked with rockyou and john.

What do you mean it's faster? Elaborate please

I don't really know what u mean, but boolean-based blind is possible:
sqlmap -r req2.txt --dbms=mysql --technique=B -T users -D monitorsthree_db --dump
U get hashes and crack with hashcat -m 0.
Login to vhost cacti

i crack with hashcat  -m 0  -a 3 rockyou.txt ,but nothing！