[mhsoraa]

Any hits for command injection on root...

amay@sea:~$ curl http://127.0.0.1:8080

Unauthorized accessa
may@sea:~$

It's because it require credentials, portforward to access it

Thank you very much 4rrows.

[lucifer_devil_003]

anyone please tell me how to get root shell.

[trevor69000]

port forward to 8080 and intercept

[mhsoraa]

anyone please tell me how to get root shell.

command injection on port 8080

[mrtyry3132123]

i initial thought this method was not work cuz the connection close after couple of secs. turns out it is all that is need to read root.txt though

Me too! So, just add user to sudoers file:
echo 'amay ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
run it with command injection

[Liy4]

i got shell but permission denied to read user.txt at /home/amay/user.txt
I see password $2y$10$iOrk210RQSAzNCx6Vyq2X.aJ\/D.GuE4jRIikYiWrD3TM\/PjDnXm4q but don't know what to do with it.

* $2y$ = indicates the bcrypt algorithm
* 10 = is the cost factor, which determines how computationally intensive the hashing process is
* The rest of the string is the salt and the hashed password.

3200 | bcrypt $2*$, Blowfish (Unix)

hashcat -m 3200 -a 0 hash.txt /usr/share/wordlists/rockyou.txt

[GilbertoCosta]

i got shell but permission denied to read user.txt at /home/amay/user.txt
I see password $2y$10$iOrk210RQSAzNCx6Vyq2X.aJ\/D.GuE4jRIikYiWrD3TM\/PjDnXm4q but don't know what to do with it.

* $2y$ = indicates the bcrypt algorithm
* 10 = is the cost factor, which determines how computationally intensive the hashing process is
* The rest of the string is the salt and the hashed password.

3200 | bcrypt $2*$, Blowfish (Unix)

hashcat -m 3200 -a 0 hash.txt /usr/share/wordlists/rockyou.txt

u need to remove back slash before crack ))

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[Liy4]

i got shell but permission denied to read user.txt at /home/amay/user.txt
I see password $2y$10$iOrk210RQSAzNCx6Vyq2X.aJ\/D.GuE4jRIikYiWrD3TM\/PjDnXm4q but don't know what to do with it.

* $2y$ = indicates the bcrypt algorithm
* 10 = is the cost factor, which determines how computationally intensive the hashing process is
* The rest of the string is the salt and the hashed password.

3200 | bcrypt $2*$, Blowfish (Unix)

hashcat -m 3200 -a 0 hash.txt /usr/share/wordlists/rockyou.txt

u need to remove back slash before crack ))

ohh yes... forgot to tell it mate... sry...

[trevor69000]

i got shell but permission denied to read user.txt at /home/amay/user.txt
I see password $2y$10$iOrk210RQSAzNCx6Vyq2X.aJ\/D.GuE4jRIikYiWrD3TM\/PjDnXm4q but don't know what to do with it.

* $2y$ = indicates the bcrypt algorithm
* 10 = is the cost factor, which determines how computationally intensive the hashing process is
* The rest of the string is the salt and the hashed password.

3200 | bcrypt $2*$, Blowfish (Unix)

hashcat -m 3200 -a 0 hash.txt /usr/share/wordlists/rockyou.txt

u need to remove back slash before crack ))

ohh yes... forgot to tell it mate... sry...

thanks bro

[ametah]

i got shell but permission denied to read user.txt at /home/amay/user.txt
I see password $2y$10$iOrk210RQSAzNCx6Vyq2X.aJ\/D.GuE4jRIikYiWrD3TM\/PjDnXm4q but don't know what to do with it.

* $2y$ = indicates the bcrypt algorithm
* 10 = is the cost factor, which determines how computationally intensive the hashing process is
* The rest of the string is the salt and the hashed password.

3200 | bcrypt $2*$, Blowfish (Unix)

hashcat -m 3200 -a 0 hash.txt /usr/share/wordlists/rockyou.txt

u need to remove back slash before crack ))

ohh yes... forgot to tell it mate... sry...

thanks bro

I've really come a long way... i was able to port forward and log into 127.0.0.1:8080 page, intercept in burp but what has now failed is that my ;nc injection parameters are not working thus not getting a root shell.