CVE-2022-30190 (Follina) ms-msdt Scheme Abuse – Offensive Question 11
Hey guys, wondering if when trying to upload the payload for "Question 11: In a browser, visit http://<TARGET_IP>:8080, upload the payload.docx file, then press Submit and Execute" if this error is supposed to be generated. After choosing the file after clicking browse sometimes this work. After executing nothing seems to happen though. even after 30 seconds of waiting.
CVE-2021-25281 (SaltStack) – Offensive
Need tips to get going with this, information on the exploit is sparse. I have the port, just need some help creating the correct command line. Not much out there on the internet on this. I have tried variations on commands like this: python3 poc.py http://10.102.178.147:8000 state whoami python3 poc.py http://10.102.178.147:8000 ssh id_rsa.pub (after generating the keys with "ssh-keygen -t rsa")CVE-2022-26134 (Confluence) – OGNL Injection
For Question 6. Look at the first exploit attempt by this attacker. What command did they run? I am wondering about why when sharing the commands found in the logs, it still outputs wrong. even if typing in "X-Cmd-Response" as the command as well as the entire string found. Wondering if they are exepecting a different format/snippet of the code, or the GET requests instead?
CVE-2021-25281 (SaltStack) – Offensive
I've tried every way I can think of to use the python script for this lab. Here's and example using the state option: I've also tried creating a python script to try to write to the /var/cache/salt/master/extmods/ directory, and tried creating the ssh key and uploading the public key with the ssh option. I've thrown some print commands in to see what is being passed in the requests. All end up with the Traceback similar to above. Is there something I'm missing in the syntax?
Radare2 Reverse Engineering: Ep.2 – Windows Binary Part 2; Final Question
I have managed to find the answer to Questions 1-4 of this lab, however I can't seem to identify the answer to the final question (Question 5 - What is the token?). I have run the binary and I get the “You have not met the requirements” message. I understand that there is an some type of execution error within the binary that I must correct for it to work properly however I have not been able to locate the error in order to analyze it and attempt to correct it. Any insight or guidance on what I'm missing / doing incorrectly would be greatly appreciated. Thanks in advance. I am not getting a prompt to provide the password. I am not seeing the prompt to use the calculator to find the answer to the calculation that is presented. I can see that there is a reference to a token.txt file but I can’t seem to get access to the file to determine what the token value is.Radare2 Reverse Engineering: Ep.2 – Windows Binary Part 2
I have run into a challenge with Question 3 on this lab. I can't seem to get the appropriate md5 hash value for the .text section to correctly answer this question. I feel that I am close but slightly off on one of the mandatory calculations. Any insight or guidance on what I'm missing / doing incorrectly would be greatly appreciated. Thanks in advance.CVE-2024-23692 (Rejetto HFS Template Injection) – Offensive
I'm stuck on the last question, number 8. Any help would be appreciated. I feel like I have tried numerous combinations with the query they provide, with no success. What's the full file path to the executable used to run the Rejetto server on the victim machine?
