CVE-2021-25281 (SaltStack) – Offensive
Need tips to get going with this, information on the exploit is sparse. I have the port, just need some help creating the correct command line. Not much out there on the internet on this. I have tried variations on commands like this: python3 poc.py http://10.102.178.147:8000 state whoami python3 poc.py http://10.102.178.147:8000 ssh id_rsa.pub (after generating the keys with "ssh-keygen -t rsa")
CVE-2022-30190 (Follina) ms-msdt Scheme Abuse – Offensive Question 11
Hey guys, wondering if when trying to upload the payload for "Question 11: In a browser, visit http://<TARGET_IP>:8080, upload the payload.docx file, then press Submit and Execute" if this error is supposed to be generated. After choosing the file after clicking browse sometimes this work. After executing nothing seems to happen though. even after 30 seconds of waiting.CVE-2022-26134 (Confluence) – OGNL Injection
For Question 6. Look at the first exploit attempt by this attacker. What command did they run? I am wondering about why when sharing the commands found in the logs, it still outputs wrong. even if typing in "X-Cmd-Response" as the command as well as the entire string found. Wondering if they are exepecting a different format/snippet of the code, or the GET requests instead?Terrapoint (Hats off, Immersive Labs)
Small clues about the labs I consider most important, after solving all of them: Norway and Rwanda; but this is just the beginning of your journey :). Because for the others in the collection, I want to think that you are capable of looking up a phone number: right? ;). The most evil labs, Norwegians and Rwandans ones (in my opinion): In both cases, you must make the most of every pixel in the image provided: such as signs, symbols, and landmarks; once you have done so, try to find out where you really are!. And that's how I won them over: study where that road begins and ends... and simply let yourself be carried away by it, kilometer by kilometer. Tip: don't trust primary sources, they are wrong!: for example, on the main roads of that African country.
CVE-2021-25281 (SaltStack) – Offensive
I've tried every way I can think of to use the python script for this lab. Here's and example using the state option: I've also tried creating a python script to try to write to the /var/cache/salt/master/extmods/ directory, and tried creating the ssh key and uploading the public key with the ssh option. I've thrown some print commands in to see what is being passed in the requests. All end up with the Traceback similar to above. Is there something I'm missing in the syntax?
Radare2 Reverse Engineering: Ep.2 – Windows Binary Part 2; Final Question
I have managed to find the answer to Questions 1-4 of this lab, however I can't seem to identify the answer to the final question (Question 5 - What is the token?). I have run the binary and I get the “You have not met the requirements” message. I understand that there is an some type of execution error within the binary that I must correct for it to work properly however I have not been able to locate the error in order to analyze it and attempt to correct it. Any insight or guidance on what I'm missing / doing incorrectly would be greatly appreciated. Thanks in advance. I am not getting a prompt to provide the password. I am not seeing the prompt to use the calculator to find the answer to the calculation that is presented. I can see that there is a reference to a token.txt file but I can’t seem to get access to the file to determine what the token value is.Radare2 Reverse Engineering: Ep.2 – Windows Binary Part 2
I have run into a challenge with Question 3 on this lab. I can't seem to get the appropriate md5 hash value for the .text section to correctly answer this question. I feel that I am close but slightly off on one of the mandatory calculations. Any insight or guidance on what I'm missing / doing incorrectly would be greatly appreciated. Thanks in advance.C++ Stack Overflow Purple Belt
Hello Community, I am stuck on Exploitation Development: Stack Overflow Part 2 lab. I have already determined how many characters are needed to overwrite the return address and also the location of win function. But I have not been able to construct the payload to enter it into the program to capture the flag. If someone could give some advise on this. It would be very appreciated. Best Regards
