Sekhmet - HTB [Discussion]
Maybe nosql or deserialization in cookie??
Reply
The only vulnerable things in modsec are DoS and a WAF bypass with 1.e('') that's not interesting in our case because we just log in inside that under construction portal!

I think it's something inside nodejs!
Reply
full write up for the user with 5$ telegram: @bl1ck1337
Reply
I managed to get a shell for the webster user. Stuck. Can anyone help me out?
Reply
(September 11, 2022, 06:07 AM)pra Wrote:
(September 11, 2022, 05:38 AM)freshcredz Wrote: I just saw this https://github.com/hackthebox-writeups/Sekhmet-HackTheBox-Writeup


Nice try ROFL
Don't fucking use his script
Here's what it actually does: https://gist.githubusercontent.com/wqv1/d4f35b9f34589db801ee30fd3fa3ed60/raw/d5dc0ca3234d983f9e4a732ff36bb498a9806216/z


This link doesn't work
Reply
Does anyone have this exploit?

CVE-2022-3506?
Reply
:D rooted
Reply
(September 13, 2022, 08:31 AM)dumpster Wrote: :D rooted


Wow. Nice
Reply
(September 13, 2022, 05:44 AM)samhub123 Wrote: I managed to get a shell for the webster user. Stuck. Can anyone help me out?


Hey, how did you get a shell?

I tried many exploits! On the cookie I tried to inject a shellcode with eval! As a parameter in profile with {} I also tried to find out if the systeminformation (npm) package was installed because of the vuln inside [] no array = exec command! lol

So I don't know... I think we have to bypass the modsec for sure
Reply
Try http://portal.windcorp.htb/.git/HEAD as an example (even from admin). You'll be blocked by ModSecurity.
So even if there is something there like a git repo or any interesting files, we're simply blocked by this WAF.

Need to find a way to bypass it before gobuster or ffuf. I think there is something in there. ModSec seems to be on purpose here :)
Reply

