CVE-2024-0012 and CVE-2024-9474 (Palo Alto PAN-OS) – Offensive Question

Hi, I am stuck on number 8 in this lab which is: What is the value you find in /root/token.txt? I am having trouble trying to determine what vulnerability to exploit in order to obtain this token. ...

immersive labs

CyberSharpe
24 days ago
RockyRC this is all in the briefing. Admittedly the new layout seems a little clunky (Alot).
The only difference to the briefing is, instead of 'uname' use 'cat /root/token.txt'. X-PAN-AUTHCHECK OFF - no passwords ;)

Using the PHPSESSID it gives you in the response section. We are 'logged in', we can now poke the system to run our command as it doesn't work on its own.

We can GET the response of our command in the public folder we defined earlier, either by using Burp or visiting the URL. $IP/unauth/random.php
This is just a range'ism, to get the answer to the question. The fun part is getting the shell and doing as you please. However simple exfiltration.

Let me know if this solution helps.

Forum Discussion

CVE-2024-0012 and CVE-2024-9474 (Palo Alto PAN-OS) – Offensive Question

Featured Places

Help & Support Forum

Related Content

New CTI Labs: CVE-2024-0012 and CVE-2024-9474 (Palo Alto PAN-OS) – Offensive and Defensive

CVE-2021-22205 (GitLab) – Offensive

Reverse Engineering (Offensive) JavaScript Analysis: JSDetox

Web App Hacking (Lab series): CVE-2022-42889 (Text4Shell) – Offensive

Struggling with 'CVE-2025-33073 (SMB Elevation of Privilege): Offensive' lab

Recent Discussions

Advanced CTF Challenge: Serial Maze

Serial Maze Support Group

Modern Encryption: Demonstrate Your Skills

Advanced CTF Challenge: Hardened Maze

Unable to access Developer tools in the lab