Posts: 5
Threads: 0
Joined: Aug 2024
(Aug 24, 2024, 10:49 PM)noidontwant Wrote: (Aug 24, 2024, 10:39 PM)mascon Wrote: (Aug 24, 2024, 10:21 PM)noidontwant Wrote: (Aug 24, 2024, 10:06 PM)teky Wrote: can somebody drop the hash this shit is taking forever
dont do time-based, other injection methods work too
The only thing that worked was Stacked Query, basically changing the admin password hash to something like md5 of '1234' and using that pw to login, but I don't see anything interesting and the hashes can't be cracked with rockyou and john.
What do you mean it's faster? Elaborate please
I don't really know what u mean, but boolean-based blind is possible:
sqlmap -r req2.txt --dbms=mysql --technique=B -T users -D monitorsthree_db --dump
U get hashes and crack with hashcat -m 0.
Login to vhost cacti
I'm not sure how you detected it, probably because you supplied the request from burp and I did it manually. I did level 5 and risk 3, and it only found time based and stacked query. I managed to dump it after an absurdly long time and crack with john, actually I'm almost at user
Posts: 219
Threads: 14
Joined: Apr 2024
can't import package in cacti why
Posts: 30
Threads: 0
Joined: May 2024
Use the metasploit module : exploit/multi/http/cacti_package_import_rce
You'll be able to land a shell as www-data
Posts: 3
Threads: 0
Joined: Jun 2024
(Aug 24, 2024, 11:14 PM)osamy7593 Wrote: can't import package in cacti why
multi/http/cacti_package_import_rce
Posts: 20
Threads: 0
Joined: Aug 2023
(Aug 24, 2024, 11:18 PM)wtfduw Wrote: Use the metasploit module : exploit/multi/http/cacti_package_import_rce
You'll be able to land a shell as www-data
for all people
that the module does not install for msfconsole
use this
and shell rm /tmp....
https://github.com/Cacti/cacti/security/...-g5qc-pj88
i got a shell with this
Posts: 9
Threads: 0
Joined: Jul 2024
any hints for after www-data can get to user
Posts: 11
Threads: 0
Joined: Jul 2024
(Aug 24, 2024, 11:27 PM)deku76 Wrote: any hints for after www-data can get to user
marcus has a user account in cacti.
Posts: 26
Threads: 0
Joined: May 2024
this got me shell https://github.com/rapid7/metasploit-fra...pull/19196
Posts: 25
Threads: 0
Joined: Jul 2024
http://127.0.0.1:8200/login.html
Once you gain access to the user Marcus, there is a port that can be accessed with the command
ssh -L 8200:127.0.0.1:8200 marcus@10.10.11.30 -i sessions/id_rsa_marcus
Posts: 37
Threads: 2
Joined: Jan 2024
the user flag was so fucking easy wtf ahahahahahaha