Blog Post

The Human Connection Blog
6 MIN READ

The Human Connection Challenge Lab 4: Linux Official Walkthrough Guide

StefanApostol's avatar
StefanApostol
Icon for Immerser rankImmerser
2 months ago
Time’s Up! Congratulations to everyone who completed Lab 4: Linux from the Human Connection Challenge: Season 1. In this walkthrough, I'll share some strategies for efficiently completing the lab b...
Updated 2 months ago
Version 2.0
challenges & scenarios
community challenge
StefanApostol's avatar
Icon for Immerser rankImmerser
Joined February 18, 2025
View Profile
The Human Connection Blog
Learn from our passionate experts on a wide range of subjects from Cyber Threat Research to maximizing value with Immersive, plus, hear from our outstanding customers who are keen to share their experiences.
StefanApostol's avatar
StefanApostol
Icon for Immerser rankImmerser
22 days ago

kevin1 can you please show, in order, the following steps:
- generate the Metasploit payload
- host it using python http.server
- echo command in your original low-level meterpreter shell after exploiting webdav.

kevin1's avatar
kevin1
Icon for Bronze II rankBronze II
22 days ago

Hi Stefan. Please see the screenshots and hopefully you can shed spme light on this saga.😊

 

  • StefanApostol's avatar
    StefanApostol
    Icon for Immerser rankImmerser
    21 days ago

    so in theory this should be it. after a minute, the cronjob should run. you can test this by going to /tmp and running clear-dav.sh manually. if it works, cron will do the same thing, but as root

    • kevin1's avatar
      kevin1
      Icon for Bronze II rankBronze II
      11 days ago

      Using the echo command in the third picture must be wrong as it's not downloading a file from the HTTP server and getting a connection back to the Metaspoloit listener to enable to be root to obtain the token.  I've tried so hard for a long time on this question. Please, please advise?