Return to forum

LaLisa · May 8, 2022 at 7:05 PM

Anyone help me with user

just4htb1337 · May 8, 2022 at 7:31 PM

(May 8, 2022, 06:37 PM)Exa Wrote: So I think I got code execution. My test.md file contains:

a'; sleep 10; echo 'a

Nice one :idea:

(May 8, 2022, 07:05 PM)LaLisa Wrote: Anyone help me with user

Where are you stuck?

LaLisa · May 8, 2022 at 7:42 PM

Got XSS and secret i can't get in as blue

Exited3n · May 8, 2022 at 7:48 PM

(May 8, 2022, 07:42 PM)LaLisa Wrote: Got XSS and secret i can't get in as blue

flask-unsign --sign --cookie "{'logged_in': True, 'username': 'blue'}" --secret 'secret123' --legacy

https://github.com/Paradoxis/Flask-Unsign

LaLisa · May 8, 2022 at 7:50 PM

But how did you guys get blue as user ..??

Truss46 · May 8, 2022 at 7:52 PM

this could be interesting for user shell
'md-to-pdf exploit'

https://security.snyk.io/vuln/SNYK-JS-MDTOPDF-1657880

swampyuk · May 8, 2022 at 7:53 PM

(May 8, 2022, 07:50 PM)LaLisa Wrote: But how did you guys get blue as user ..??

There's a different error message between 'users that don't exist' and 'users that exist and you got the password wrong'

So I enumerated the users, using https://github.com/danielmiessler/SecLists/blob/master/Usernames/Names/names.txt as a source.

hackerman · May 8, 2022 at 7:55 PM

(May 8, 2022, 07:52 PM)Truss46 Wrote: this could be interesting for user shell
'md-to-pdf exploit'

https://security.snyk.io/vuln/SNYK-JS-MDTOPDF-1657880

I mentioned this earlier

Truss46 · May 8, 2022 at 7:56 PM

what is the next step for root?

Exited3n · May 8, 2022 at 8:03 PM

(May 8, 2022, 07:56 PM)Truss46 Wrote: what is the next step for root?

There was a hint that this was a mysql. Exploring this moment now