[FREE] HTB Zipping - DETAILED WRITE-UP
by Mandelio - Monday August 28, 2023 at 12:55 AM
#61
Thank you Smile
Reply
#62
Yes, How am i get 8 credit? need write a post or buy the credit?
Reply
#63
This method not working anymore or am i stupid ? i literally tried every thing
Reply
#64
(10-02-2023, 04:19 PM)Alnea Wrote: This method not working anymore or am i stupid ? i literally tried every thing


realmente não funciona mais, integraram um patch na maquina que faz a verificação correta do arquivo php, não que essa vulnerabilidade não funcione mais, só não ta subindo shell.
Reply
#65
What's the new method ?
Reply
#66
doesn't work for me... get's stuck at triggering revshell

(08-30-2023, 07:01 AM)Mandelio Wrote: For some reason obscure to me, the content of the post containing the autopwn script is litterally invisible, I'll repost and hopefully this time it won't disappear...

The programming style is very simple to read as it follows the principle of single responsibility functions, I've also included some prints to make the whole process more understandable.
The only external dependency required is pwntools which is pretty common so it shouldn't be a problem.

Here's a demo
python auto_pwn.py [+] Revshell payload written at [...] [...] Uploading zip file... [+] Successfully uploaded zip file, revshell available at [...] [+] Got revshell as rektsu! Creating shared object... [+] Source code for shared object written at [...] [+] Shared object compiled, written at [...] Uploading shared object via base64... Exploiting the binary... [+] Successfully got root! root@zipping# id uid=0(root) gid=0(root) groups=0(root) root@zipping# ls -la total 12 drwxr-xr-x 2 rektsu rektsu 4096 Aug 28 08:26 . drwxrwxr-x 3 root  rektsu 4096 Aug 28 08:26 .. -rw-r--r-- 1 rektsu rektsu  117 Aug 28 08:26 [...] root@zipping#
Note that [...] only means that the content was censored, it doesn't actually print that.

Without further ado, here's the autopwn script!
Reply
#67
(08-30-2023, 07:01 AM)Mandelio Wrote: For some reason obscure to me, the content of the post containing the autopwn script is litterally invisible, I'll repost and hopefully this time it won't disappear...

The programming style is very simple to read as it follows the principle of single responsibility functions, I've also included some prints to make the whole process more understandable.
The only external dependency required is pwntools which is pretty common so it shouldn't be a problem.

Here's a demo
python auto_pwn.py [+] Revshell payload written at [...] [...] Uploading zip file... [+] Successfully uploaded zip file, revshell available at [...] [+] Got revshell as rektsu! Creating shared object... [+] Source code for shared object written at [...] [+] Shared object compiled, written at [...] Uploading shared object via base64... Exploiting the binary... [+] Successfully got root! root@zipping# id uid=0(root) gid=0(root) groups=0(root) root@zipping# ls -la total 12 drwxr-xr-x 2 rektsu rektsu 4096 Aug 28 08:26 . drwxrwxr-x 3 root  rektsu 4096 Aug 28 08:26 .. -rw-r--r-- 1 rektsu rektsu  117 Aug 28 08:26 [...] root@zipping#
Note that [...] only means that the content was censored, it doesn't actually print that.

Without further ado, here's the autopwn script!

Just what I was looking for
Reply
#68
hello I published a writeup just finished the box
https://medium.com/@motii.anas/htb-zippi...3fb4feab31
Reply
#69
thanks for sharing
Reply
#70
Thanks bro
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Hack the box Pro Labs, VIP, VIP+ 1 month free Method RedBlock 22 3,807 06-25-2026, 02:15 PM
Last Post: hashxyz
  [FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags Techtom 19 4,059 06-25-2026, 12:30 PM
Last Post: hashxyz
  [FREE] CPTS 12 FLAGS pulsebreaker 60 2,942 06-24-2026, 04:35 PM
Last Post: subscribar60
  [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired Tamarisk 360 90,573 03-28-2026, 09:28 AM
Last Post: catsweet
  [FREE] HTB-ProLabs APTLABS Just Flags kewlsunny 23 4,111 03-28-2026, 03:30 AM
Last Post: lulaladrow



 Users browsing this thread: 1 Guest(s)