Forum Discussion

Bronze III

2 months ago

CVE-2021-25281 (SaltStack) – Offensive

Need tips to get going with this, information on the exploit is sparse. I have the port, just need some help creating the correct command line. Not much out there on the internet on this. I have ...

Bronze II

2 months ago

I'm in the same boat. I've added print statements to the script, and found that no matter what I send, I'm getting a 503 response code back. However, I can connect to the port with curl or a browser, and it does respond with a list of actions, including the one that should be able to be exploited. I haven't figured out what to send in the script to make it work.

GusC
Bronze III
2 months ago
nmap 10.102.145.94
curl -k https://10.102.145.94:8000
{"return": "Welcome", "clients": ["local", "local_async", "local_batch", "local_subset", "runner", "runner_async", "ssh", "wheel", "wheel_async"]}
ssh-keygen -t rsa -f ~/Desktop/public_key
- ArthurDent
  Bronze II
  2 months ago
  Thanks!

Forum Discussion

CVE-2021-25281 (SaltStack) – Offensive

Featured Places

Help

Related Content

CVE-2021-25281 (SaltStack) – Offensive

CVE-2020-11651 (SaltStack RCE) – Defensive

Offensive PowerShell: Demonstrate Your Skills

CVE-2021-22205 (GitLab) – Offensive

Practical Malware Analysis: Demonstrate Your Skills Malware (Offensive)

Recent Discussions

Microsoft Sentinel Blue Team Ops: KQL Basics -Q11

Can I format the text in an interlude with HTML?

Ransomware: Snake

Having problems running the Python Expert Challenge 4 in OWASP Training: Access Control

Cyber Kill Chain: Reconnaissance