Web App Hacking (Lab series): CVE-2022-2143 (iView2)

Hello all, I have spent way to long trying to complete the iView2 exploit. I was expecting a text box on the page for command entry, but I cannot get anything like that. I have been able to send a ...

immersive labs

JWhit101
5 months ago
Bluesman, I have been able to get this working with the help of support. Although the lab specifically provides the exploit to use in the payload, it does not appear to be accurate. (Even any additional articles/examples I found from y4er or others do not seem to include this)
The key is that the exploit payload must include the split command to extract the arguments that are comma separated. So {99,109,100})).split(\",\")).start(). This explains why a command like whoami, or some others that don't require arguments work fine, and why the error that we continued to get indicating "cmd,/c,xxxxxx" command not found seemed to be interpreted as the single name of a command.
Once you include this split in the payload, I think you will have luck with just comma separating the arguments discussed earlier. !!Don't forget to URL encode that space in type C:\token.txt!!
I hope that sheds a little light and helps you through this one!
J

Forum Discussion

Web App Hacking (Lab series): CVE-2022-2143 (iView2)

Featured Places

Help & Support Forum

Related Content

Web App Hacking (Lab series): CVE-2022-42889 (Text4Shell) – Offensive

CSM Tip: Have A Summer Series! Are YOU Taking Advantage Of Summer?

Re: APT29 Threat Hunting with Elasticsearch: Ep.5 – LNK File Analysis - Tools?

Re: PowerShell Basics: Demonstrate Your Skills question 11/12

Re: What is a "Demonstrate" Lab and how does it differ from other types of lab?

Recent Discussions

Immersive GUI

Privilege Escalation: Windows – Unquoted Service Paths

TLS Fundamentals: Ep.8 – Final Challenge

Elastic Data Ingest: Ep.5 – Packetbeat

Cyber Kill Chain: Delivery