TUTORIAL HTB Love [DISCUSSION!!]
by En3rypt3D - May 01, 2021 at 07:29 PM
#1
Hello,
Its just discussion on htb machine Love ip:-10.10.10.239
OS:- Windows
Reply
#2
i understand its about ssrf and vhost any other lead ???
Reply
#3
You can get a connection back by going to the subdomain and scanning a php-rev shell
Reply
#4
can see that but not sure of how to get phpshell to not  render
Reply
#5
(May 01, 2021 at 08:59 PM)JustMeAndYou Wrote: You can get a connection back by going to the subdomain and scanning a php-rev shell
can you elaborate it.................
Reply
#6
(May 01, 2021 at 09:20 PM)En3rypt3D Wrote:
(May 01, 2021 at 08:59 PM)JustMeAndYou Wrote: You can get a connection back by going to the subdomain and scanning a php-rev shell
can you elaborate it.................

Find the subdomain staging.love.htb and it's a file scanning service.  scan a PHP file from your machine HTTP://yourip:port/pathtoshell/ and open a listener
Reply
#7
im having trouble with the rev shell, its grabbing it but just rendering it on the page, no connectback
Reply
#8
Same with me. Sometimes in the source but no rev connection. Any specific rev shell?
Reply
#9
(May 01, 2021 at 09:36 PM)chilly Wrote: im having trouble with the rev shell, its grabbing it but just rendering it on the page, no connectback

listening on [any] 1234 ...
connect to [10.10.xx.xx] from (UNKNOWN) [10.12x.121.x] 64376
GET /love/revshell.asp HTTP/1.1
Host: 10.10.xx.xx:1234
Accept: */*

PHP, exe and as you can see asp shells all connect back but you lose the shell as soon as you type a command, not sure if this is the right way.

(May 01, 2021 at 09:40 PM)wizardhulk Wrote: Same with me. Sometimes in the source but no rev connection.  Any specific rev shell?

No I've tried a few all the same outcome, I used Seclists first then Kali's Laundaum PHP shell.
Reply
#10
(May 01, 2021 at 09:36 PM)chilly Wrote: im having trouble with the rev shell, its grabbing it but just rendering it on the page, no connectback

- enter local url in file scan "http://127.0.0.1:5000/"
- get admin credentials for votesystem
- login in into votesystem as admin love.htb/admin/index.php
- create new candidate and upload php reverse shell in the image field
- profit???
Reply
#11
(May 01, 2021 at 09:42 PM)expos Wrote:
(May 01, 2021 at 09:36 PM)chilly Wrote: im having trouble with the rev shell, its grabbing it but just rendering it on the page, no connectback

- enter local url in file scan "http://127.0.0.1:5000/"
- get admin credentials for votesystem
- login in into votesystem as admin love.htb/admin/index.php
- create new candidate and upload php reverse shell in the image field
- profit???

It doesn't allow to select position so you can't upload, any help there.
Reply
#12
(May 01, 2021 at 09:54 PM)JustMeAndYou Wrote:
(May 01, 2021 at 09:42 PM)expos Wrote:
(May 01, 2021 at 09:36 PM)chilly Wrote: im having trouble with the rev shell, its grabbing it but just rendering it on the page, no connectback

- enter local url in file scan "http://127.0.0.1:5000/"
- get admin credentials for votesystem
- login in into votesystem as admin love.htb/admin/index.php
- create new candidate and upload php reverse shell in the image field
- profit???

It doesn't allow to select position so you can't upload, any help there.

inspect source code and remove the required attribute ???
Reply

Possibly Related Threads…
Thread Author Replies Views Last Post
TUTORIAL HTB pivotapi [DISCUSSION] pheonix2021 12 1,363 34 minutes ago
Last Post: Wp1MzFJ
TUTORIAL HTB Fortress Synacktiv (DISCUSSION) pheonix2021 18 3,356 Yesterday at 11:57 AM
Last Post: teksius
TUTORIAL HTB: "Love" - Complete Writeup quas4r 10 2,417 Yesterday at 10:55 AM
Last Post: DarkEvenger

 Users browsing this thread: 2 Guest(s)