Help Q2 - Tuoni 101: Ep.5 – Demonstrate Your Skills
Looking for some help with the Tuoni 101: Ep.5 Q2. The following method is given to gain initial access: "To gain an initial foothold, you'll need to use the Hosted files page to host an executable. Any file hosted using that method will be run once on the initial target. Once executed, it'll be removed from the hosted files page." I tried this one and wasn't able to get the initial access. I tried originally using the default reverse HTTP listener and generating an x64 .exe file and hosting it on the "Files" tab and waited 5 minutes. As this didn't work I tried an x86 payload. This didn't work so I created a new HTTP listener and tried both approaches. After this didn't work, I generated all payload types for the reverse_HTTP and reverse_TCP listeners and hosted them as files and still didn't have any success. Any ways to get the payload to execute would be greatly appreciated.
Web App Hacking (Lab series): CVE-2022-2143 (iView2)
Hello all, I have spent way to long trying to complete the iView2 exploit. I was expecting a text box on the page for command entry, but I cannot get anything like that. I have been able to send a post request to the NetworkServlet page using the provided exploit string and I know that the test.jsp is created because I can use the query parameter ?cmd=whoami and I get the mysqldump output showing "nt authority \system". I cannot get any other query parameters to execute, even simple ls or dir commands. I found y4er's blog post and everything I see in terms of the syntax of the exploit appears to be identical to the lab. Any directions/suggestions/hints would be greatly appreciated! Thanks in advance. JS3: Demonstrate Your Skills
I have completed all 10 questions except question 6. 6. Access control Create an access point (AP) called metrolio-dev-ap attached to the metrolio-data-467e6352 bucket. This should allow developers working in the dev vpc vpc-08333ea4fc7562479 using the role arn:aws:iam::447645673093:role/metrolio-developer to list and get all objects in the bucket. Ensure you follow best practices of blocking public access. NOTE: AWS often faces internal errors – we believe these to be race conditions – when applying policies to new access points. You may need to re-apply the policy to the AP. I have re-applied the Access Point policy several times but still is not detected. I’m not sure if it is my Access Point policy or the AWS Immersivelabs that is at fault. Any help would be greatly appreciated. This is my Access Point Policy: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::447645673093:role/metrolio-developer" }, "Action": [ "s3:GetObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:eu-west-1:447645673093:accesspoint/metrolio-dev-ap/object/*", "arn:aws:s3:eu-west-1:447645673093:accesspoint/metrolio-dev-ap" ], "Condition": { "StringEquals": { "aws:SourceVpc": "vpc-08333ea4fc7562479" } } } ] } I tried to replicate similar permissions on bucket policy only to be denied by restrictive permission. NOTE: Account ID, Bucket names and few other identifiers do not match between screenshot 1-2 and screenshot 3. The screenshot 3 is from different attempt.
Radare2 Reverse Engineering: Ep.2 – Windows Binary Part 2
I have run into a challenge with Question 3 on this lab. I can't seem to get the appropriate md5 hash value for the .text section to correctly answer this question. I feel that I am close but slightly off on one of the mandatory calculations. Any insight or guidance on what I'm missing / doing incorrectly would be greatly appreciated. Thanks in advance.APT29 Threat Hunting with Splunk Ep.11 Q11
What other value was set on the same key to facilitate the bypass. Searching on the key, there's only one log entry. I'm not clear on what "other value" means. I've tried all the file paths referenced in that log entry, different parts of the registry key, parts of the script that executes, even the cat.png file. What am I missing?
