CVE-2022-26134 (Confluence) – OGNL Injection
For Question 6. Look at the first exploit attempt by this attacker. What command did they run? I am wondering about why when sharing the commands found in the logs, it still outputs wrong. even if typing in "X-Cmd-Response" as the command as well as the entire string found. Wondering if they are exepecting a different format/snippet of the code, or the GET requests instead?Your first lab level 9
What was the first level 9 lab you conquered? :). It does not matter that you will seek advice from other giants, or that you will manage to complete it on your own: share your journey with us!; to get the token or become root on that server. I start: I think that my first conquest of Lab level 9 is related to debugging ByteCode in Java (and only a few days ago!): my background is Oracle, and from years ago, so imagine how lost I was :). After loading the project into the IDE (along with the required plugin) I started debugging bit by bit... until one particular string caught my attention; it stood out from the rest!. And it was the solution :). Good luck!
CVE-2021-25281 (SaltStack) – Offensive
I've tried every way I can think of to use the python script for this lab. Here's and example using the state option: I've also tried creating a python script to try to write to the /var/cache/salt/master/extmods/ directory, and tried creating the ssh key and uploading the public key with the ssh option. I've thrown some print commands in to see what is being passed in the requests. All end up with the Traceback similar to above. Is there something I'm missing in the syntax?
Radare2 Reverse Engineering: Ep.2 – Windows Binary Part 2; Final Question
I have managed to find the answer to Questions 1-4 of this lab, however I can't seem to identify the answer to the final question (Question 5 - What is the token?). I have run the binary and I get the “You have not met the requirements” message. I understand that there is an some type of execution error within the binary that I must correct for it to work properly however I have not been able to locate the error in order to analyze it and attempt to correct it. Any insight or guidance on what I'm missing / doing incorrectly would be greatly appreciated. Thanks in advance. I am not getting a prompt to provide the password. I am not seeing the prompt to use the calculator to find the answer to the calculation that is presented. I can see that there is a reference to a token.txt file but I can’t seem to get access to the file to determine what the token value is.CVE-2022-30190 (Follina) ms-msdt Scheme Abuse – Offensive Question 11
Hey guys, wondering if when trying to upload the payload for "Question 11: In a browser, visit http://<TARGET_IP>:8080, upload the payload.docx file, then press Submit and Execute" if this error is supposed to be generated. After choosing the file after clicking browse sometimes this work. After executing nothing seems to happen though. even after 30 seconds of waiting.
CVE-2021-25281 (SaltStack) – Offensive
Need tips to get going with this, information on the exploit is sparse. I have the port, just need some help creating the correct command line. Not much out there on the internet on this. I have tried variations on commands like this: python3 poc.py http://10.102.178.147:8000 state whoami python3 poc.py http://10.102.178.147:8000 ssh id_rsa.pub (after generating the keys with "ssh-keygen -t rsa")Radare2 Reverse Engineering: Ep.2 – Windows Binary Part 2
I have run into a challenge with Question 3 on this lab. I can't seem to get the appropriate md5 hash value for the .text section to correctly answer this question. I feel that I am close but slightly off on one of the mandatory calculations. Any insight or guidance on what I'm missing / doing incorrectly would be greatly appreciated. Thanks in advance.
