JWhit101
22 days ago
Solved

Web App Hacking (Lab series): CVE-2022-42889 (Text4Shell) – Offensive

Hey all,

Anyone have any luck with CVE-2022-42889 (Text4Shell) – Offensive? The first few questions were easy enough, but I have spent hours on the last one trying to get the token. On the attacker server, I can set up the listener; I don't believe my problem is there.

I have tried many variations of URL encoding and various nc commands in the payload, including ones similar to the blog post. If anyone has any suggestions I would love to hear them!

Thanks.

3 Replies

  • I'm experiencing the exact same problem! I've been working on this lab for hours and have tried everything. Despite getting the "Processed: <PAYLOAD>" response each time, I was never able to retrieve token content from /token.txt.
    This seems like a systemic issue with the lab environment. Has anyone actually successfully completed this lab recently?

  • xchenoh I'm not sure that this was the point of the lab, but I ended up getting the token by using Metasploit since it was installed in the VM. I configured the various options for exploit/multi/http/apache_commons_text4shell and was able to successfully get a reverse shell and read the token.

  • I was also now able to complete this lab using a browser, or using curl in a terminal, both work just as well.

    By combining the Payload Example in the briefing and the reverse shell command in the referenced blog, I created the new payload. I think the key that prevented success for a long time was that when using CyberChef to URL encode it, you MUST encode all special characters!

    Good luck!

    J
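
The point about encoding every special character matters on the detection side too: a fully percent-encoded request never contains a literal `${` in the access log. The following is an added example, not part of the thread or the lab, showing a log check that decodes before matching the lookup prefixes associated with CVE-2022-42889; the `/search?q=` endpoint and the log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Lookup prefixes that Apache Commons Text 1.5 through 1.9 interpolated by
# default and that CVE-2022-42889 concerns.
RISKY_LOOKUP = re.compile(r"\$\{\s*(script|dns|url)\s*:", re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded input converge."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_request(line):
    """Return the matched lookup name for one log line, or None if clean."""
    match = RISKY_LOOKUP.search(fully_decode(line))
    return match.group(1).lower() if match else None


def scan(lines):
    """Return (line index, lookup name) for every flagged line."""
    hits = []
    for index, line in enumerate(lines):
        name = flag_request(line)
        if name:
            hits.append((index, name))
    return hits


# Constructed sample access-log lines (hypothetical endpoint, harmless values).
SAMPLE_LOG = [
    '10.0.0.5 "GET /search?q=hello+world HTTP/1.1" 200',
    '10.0.0.9 "GET /search?q=%24%7Bdns%3Aexample.invalid%7D HTTP/1.1" 200',
    '10.0.0.9 "GET /search?q=%2524%257Bscript%253Ajavascript%253A1%252B1%257D HTTP/1.1" 200',
    '10.0.0.7 "GET /search?q=%24%7Bdate%3Ayyyy%7D HTTP/1.1" 200',
]

if __name__ == "__main__":
    for index, name in scan(SAMPLE_LOG):
        print(f"line {index}: '{name}:' lookup in decoded request")
```

A raw substring search for `${` misses both flagged lines, which is why the decode step comes first; the `date` lookup on the last line is left alone because it is not one of the three risky prefixes.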