CVE-2021-25281 (SaltStack) – Offensive

Question

I've tried every way I can think of to use the python script for this lab. Here's and example using the state option:

I've also tried creating a python script to try to write to the /var/cache/salt/master/extmods/ directory, and tried creating the ssh key and uploading the public key with the ssh option. I've thrown some print commands in to see what is being passed in the requests. All end up with the Traceback similar to above. Is there something I'm missing in the syntax?

arthurdent · Accepted Answer

In CVE-2021-25281 (SaltStack) – Offensive | Immersive Community - 3475, GusC​ gave me a modification to the script that got it to work for me. Thanks!

Forum Discussion

CVE-2021-25281 (SaltStack) – Offensive

2 Replies

Featured Places

Help

Related Content

CVE-2021-25281 (SaltStack) – Offensive

CVE-2020-11651 (SaltStack RCE) – Defensive

Offensive PowerShell: Demonstrate Your Skills

CVE-2021-22205 (GitLab) – Offensive

Practical Malware Analysis: Demonstrate Your Skills Malware (Offensive)

Recent Discussions

IoT & Embedded Devices: Certificate Underpinning

Trick or Treat on Specter Street: Morphy's Mansion Challenge

Trick or Treat on Specter Street: Morphy’s Mansion

Credential Access: Password Hashing Algorithms

Trick or Treat on Specter Street: Ghost of the SOC