Web App Hacking (Lab series): CVE-2022-42889 (Text4Shell) – Offensive
Hey all,
Anyone have any luck with CVE-2022-42889 (Text4Shell) – Offensive? The first few questions were easy enough, but I have spent hours on the last one trying to get the token. On the attacker server, I can setup the listener, I don't believe my problem is there.
I have tried many variations of URL encoding and various nc commands in the payload including ones similar to the blog post. If any one has any suggestions I would love to hear them!
Thanks.
J
I was also now able to complete this lab using a browser, or using curl in a terminal, both work just as well.
By combining the Payload Example in the briefing and the reverse shell command in the referenced blog, I created the new payload. I think the key that prevented success for a long time, was that when using CyberChef to URL encode it, you MUST encode all special characters!
Good luck!
J