eCPPT - Client-Side Attacks CTF 1


I am stuck on Task 3: Exploit a vulnerable file server on web.prod.local. Any guidance would be appreciated :slight_smile:

I know the server is Rejetto HttpFileServer httpd 2.3 after enumeration and using remote port forwarding. I also set up the autoroute through Meterpreter, so I can ping it from the first compromised host, mail.server.local. I've been trying to use the rejetto_hfs_exec Metasploit module; I've tried a bind shell and a reverse_tcp shell but am unable to exploit web.prod.local. Can someone explain to me what I am doing wrong, please?

I have the same issue. I’ve tried attacking web.prod.local in every possible way, but nothing works.
I thought there might be a problem with the lab, so I contacted support, but they told me everything is working fine and that the rejetto_hfs_exec module is not the correct method.

Ahh good to know mate, least that can be ruled out! If you find a solution please post it back here, been stuck on this for ages!

I’ve been struggling with this one as well. I have used both different Rejetto exploits, with different payloads, and tried it with proxies and with port-forwarding.

No matter what I do it seems I am never able to get a shell. I have reached a point where I am not sure what I am supposed to be trying next anymore.

I tried my hand at it again today. I fiddled around with a more responsive version of the correct Rejetto exploit for a bit, to confirm it worked properly. And it did, so the flaw was with how I used it in Metasploit somewhere. I ended up using a reverse shell to get access.

This is the portfwding I used to get a connection back.
portfwd add -R -L kaliIP -l kaliport5555 -p pivotport6666

I have a feeling this may not have been the intended way to do it, but for the life of me I could not get a bind_tcp to work.

Hope this helps,
@andycuthbertson-79cb
@Ski2per_Sec
If you still needed it anyway.
Best Regards.

Hey All,

This Thread is a bit old, and I would like to think you all have already passed this skills check, but I will write this for anyone searching this up in the future, cuz they’re stuck xD, since I just solved it.

So instead of using Metasploit to exploit it, search online for a downloadable exploit that might work :wink:

Keep at it, and if you have any more questions, please message me.

Regards,
Z

Have you solved it? Cuz I got stuck in this task.

hi guys,

Hope that helps: I ran the sendemail task directly in, and don't try an exe, it's blocked directly. It worked on my side with .hta, and the listener I set up was not working with msfconsole, so I tried it with the normal nc -lvnp 4444.
Hope that helps. rg, tom

Thank you for providing the guide above for task 2. I passed task 2 but now I still have no clue on how to work on task 3…

I tried the following commands to set up a SOCKS proxy and nmap with proxychains.

run autoroute <web.prod.local’ip>-s /20
search socks_proxy
use 0
set SRVPORT 9050
set VERSION 4a
exploit
jobs
proxychains nmap web.prod.local -sT -Pn -F
portfwd add -R -L -l 5555 -p 6666

The nmap only shows HTTP on 80 for web.prod.local. How do you guys know it is Rejetto?

And I tried rejetto_hfs_rce_cve_2024_23692, but I'm not sure which payload I should use and what config I should use. How should I proceed?

Can you tell some more about what exploit you used? Are they present in msf?

I tried everything. I get access to the internal network machine but cannot exploit it through. I also used this connection back and did not get a shell. And for the lateral pivoting chapter I see that two three vide ppivot vi and pivot 1 and solved that, but I cannot solve this one, not get a shell.

rejetto_hfs_exec: I tried this exploit and get a temp error every time.

I know that exploit, I used it before. I don't understand how to set that. Thank you for the help, mate.

OK, but flag 4, I'm really stuck there!

Help on flag 4?

I'm really stuck…

Hi, I managed to capture flag 3 using an exploit and proxychains, but I wasn’t able to spawn a Meterpreter from the Rejetto RCE. Can you please help me? I’m stuck.

I got in by doing portfwd for task 3. Now I'm stuck at task 4. Any hints on this one?

Did you get it, and if so, any hint on that one?

Thanks

Did you get it?

Any hints on this one?

Been on step 3 for days now. It’s really killing me.
Is there really no write up anywhere?