01-26-2025, 01:54 PM
still nothing anyone ??
Ban reason: Leeching. (Permanent)
|
BigBang a Linux - Hard Machine
by StingEm - Saturday January 25, 2025 at 03:24 PM
|
|
01-26-2025, 02:07 PM
[*] The data:// wrapper works
[*] The php://filter/ wrapper works [+] Exploit preconditions are satisfied [*] Potential heaps: 0x7fa760e00040, 0x7fa760c00040, 0x7fa760400040, 0x7fa75f800040, 0x7fa75d000040, 0x7fa75cc00040, 0x7fa75c600040, 0x7fa75c200040, 0x7fa75b800040, 0x7fa75b200040, 0x7fa75ac00040 (using first) EXPLOIT FAILURE [*] The data:// wrapper works [*] The php://filter/ wrapper works [+] Exploit preconditions are satisfied [*] Potential heaps: 0x7fa760e00040, 0x7fa760c00040, 0x7fa75f800040, 0x7fa75d000040, 0x7fa75cc00040, 0x7fa75c600040, 0x7fa75c200040, 0x7fa75b800040, 0x7fa75b200040, 0x7fa75ac00040 (using first) EXPLOIT FAILURE
01-26-2025, 02:19 PM
so zlib isnt available are there any others that are? my understanding is that you need the zlib filter to get you more buckets so the overflow can work?
is bzip2 on the box that works in the same way. https://www.php.net/manual/en/filters.compression.php
01-26-2025, 02:21 PM
buddyforms looks interesting tbh gonna go look into it more
01-26-2025, 02:32 PM
(01-26-2025, 02:07 PM)gwen12345 Wrote: [*]The data:// wrapper works [*]at least it works till some point.... [*]AttributeError: 'NoneType' object has no attribute 'group'
01-26-2025, 02:43 PM
Did anyone search in /var/www/html/wordpress/wp-config.php with LFI? It gives db creentials and keys.
01-26-2025, 02:46 PM
Credentials to the database which isn't exposed to us, not much help I think
01-26-2025, 02:50 PM
(01-26-2025, 02:43 PM)0xFroggy Wrote: Did anyone search in /var/www/html/wordpress/wp-config.php with LFI? It gives db creentials and keys. Here is the content: /**
* The base configuration for WordPress
*
* The wp-config.php creation script uses this file during the installation.
* You don't have to use the website, you can copy this file to "wp-config.php"
* and fill in the values.
*
* This file contains the following configurations:
*
* * Database settings
* * Secret keys
* * Database table prefix
* * ABSPATH
*
* @link https://wordpress.org/documentation/article/editing-wp-config-php/
*
* @package WordPress
*/
// ** Database settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'wordpress' );
/** Database username */
define( 'DB_USER', 'wp_user' );
/** Database password */
define( 'DB_PASSWORD', 'wp_password' );
/** Database hostname */
define( 'DB_HOST', '172.17.0.1' );
/** Database charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8mb4' );
/** The database collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );
/**#@+
* Authentication unique keys and salts.
*
* Change these to different unique phrases! You can generate these using
* the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
*
* You can change these at any point in time to invalidate all existing cookies.
* This will force all users to have to log in again.
*
* @since 2.6.0
*/
define( 'AUTH_KEY', '(6xl?]9=.f9(<(yxpm9]5<wKsyEc+y&MV6CjjI(0lR2)_6SWDnzO:[g98nOOPaeK' );
define( 'SECURE_AUTH_KEY', 'F<3>KtCm^zs]Mxm Rr*N:&{SWQexFn@ wnQ+bTN5UCF-<gMsT[mH$m))T>BqL}%8' );
define( 'LOGGED_IN_KEY', ':{yhPsf}tZRfMAut2$Fcne/.@Vs>uukS&JB04 Yy3{`$`6p/Q=d^9=ZpkfP,o%l]' );
define( 'NONCE_KEY', 'sC(jyKu>gY(,&: KS#Jh7x?/CB.hy8!_QcJhPGf@3q<-a,D#?!b}h8 ao;g[<OW;' );
define( 'AUTH_SALT', '_B& tL]9I?ddS! 0^_,4M)B>aHOl{}e2P(l3=!./]~v#U>dtF7zR=~LnJtLgh&KK' );
define( 'SECURE_AUTH_SALT', '<Cqw6ztRM/y?eGvMzY(~d?:#]v)em`.H!SWbk.7Fj%b@Te<r^^Vh3KQ~B2c|~VvZ' );
define( 'LOGGED_IN_SALT', '_zl+LT[GqIV{*Hpv>]H:<U5oO[w:]?%Dh(s&Tb-2k`1!WFqKu;elq7t^~v7zS{n[' );
define( 'NONCE_SALT', 't2~PvIO1qeCEa^+J}@h&x<%u~Ml{=0Orqe]l+DD7S}%KP}yi(6v$mHm4cjsK,vCZ' );
/**#@-*/
/**
* WordPress database table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = 'wp_';
/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*
* For information on other constants that can be used for debugging,
* visit the documentation.
*
* @link https://wordpress.org/documentation/article/debugging-in-wordpress/
*/
define( 'WP_DEBUG', false );
/* Add any custom values between this line and the "stop editing" line. */
/* That's all, stop editing! Happy publishing. */
/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
define( 'ABSPATH', __DIR__ . '/' );
}
/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';
€@CàÐÐøôô>==€@CàÐÐøôô>==€@CàÐÐøôô>==€@
01-26-2025, 03:00 PM
(01-26-2025, 12:10 PM)peterpeter Wrote: The way is RCE with uploadcan u give script and help how to run it
01-26-2025, 03:32 PM
(01-26-2025, 03:00 PM)knownkai Wrote:(01-26-2025, 12:10 PM)peterpeter Wrote: The way is RCE with uploadcan u give script and help how to run it I've been working with it for a while, but I can't seem to get it to work. I've changed the use of zlib, but it still doesn't work. I'll take a break for a bit and then try again later. If I manage to get it working, I'll post it. |
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads… | |||||
| Thread | Author | Replies | Views | Last Post | |
| HTB - ARTIFICIAL.HTB - EASY LINUX | 0 | 4,410 |
02-10-2026, 02:12 PM Last Post: |
||
| HTB - CERTIFICATE.HTB - HARD WINDOWS | 0 | 1,786 |
02-09-2026, 04:49 PM Last Post: |
||
| HTB - CONVERSOR.HTB - EASY LINUX | 0 | 1,793 |
02-09-2026, 04:36 PM Last Post: |
||
| HTB - FACTS.HTB - EASY LINUX | 2 | 1,836 |
02-09-2026, 11:02 AM Last Post: |
||
| Cobblestone Hack the Box Season 8 (Linux Insane) | 0 | 1,266 |
08-09-2025, 12:20 PM Last Post: |
||