Skip to main content

Not getting Shell on Mr.Robot CTF on TryHackMe?




Well, this was my first machine on THM and I pulled my hairs on not getting the shell when I was doing all the stuff just right.

It was Mr.Robot's CTF, I tried literally everything to get the shell, I tried PHP reverse shell, meterpreter session, metasploit's wp_admin module, malicious Wordpress plugins but of no avail.

I turned to TryHackMe's discord server to check what am I doing wrong, what came out was very funny and frustrating at the same time 😅

Lets take an example of PHP Reverse Shell, when you submit the PHP shell code in 404.php page, you have to configure two things, one is your IP(LHOST) and other is your Port. I was putting my eth0/wlan0's IP address into the LHOST and I was never getting anything back on netcat. As TryHackMe uses OpenVPN proxy to connect to their server so your eth0/wlan0's IP is not your LHOST, after connecting to OpenVPN, run IP address command and use the tun0 IP address, this is your listening host aka LHOST. Alternatively you can go on TryHackMe's Access Page, the IP mentioned there under "Internal Virtual IP Address" can also be used. This was a minor mistake but it wasted some hours of mine. Now you'll be able to listen on netcat and get a shell through PHP shell code. ❤
Labels:

Comments

Post a Comment

Popular posts from this blog

Hacker 101 CTF Walkthrough: Petshop Pro

I am back with another walkthrough to one of the  HackerOne 's CTF Petshop Pro . Let's look at the interface of this web page.
Post a Comment
Read more

Kali Linux 2020.1 tty1 ERROR

I found a horrible error when I installed the latest version of Kali Linux on one of my machines, after installing the OS when I started it, it booted into a black screen which asked for my login credentials without any GUI. It is heartbreaking to see problems right away in a freshly installed operating system but after some Googling, I dug out the solution which I will share with you here.  Steps to solve No GUI tty1 Error in Kali Linux 1. First log in with your user credentials 2. Write command:  cd / 3. Write command: cd etc/ 4. Write command: cd apt/ 5. Write command: cat sources.list After step 5, you will see something like this: As you can see, no repositories are mentioned here so obviously we'll have to add kali official repositories to this file.  6. Write command: sudo nano sources.list 7. Write your password 8. Now add the following repositories at the end of the editable file which is opened on the terminal: deb h...
Post a Comment
Read more

Hacker101 CTF Walkthrough: A little something to get you started

So here is my first walkthrough for you guys and that will be the easiest of the lot, this is the first CTF available on HackerOne.com What I like about HackerOne is that they give you private invitations to programs based on your performance in CTFs so I guess doing CTFs on HackerOne (honestly) will be worth your time and effort. Let's Start! By clicking on this CTF you get to the page which looks something like this It's a blank page with zero interactivity, so our first bet will be to check the page source of this page by Ctrl +U There is absolutely nothing in the page source apart from some plain text in the body and an image which is mentioned in url()  so why not give this image a try in URL like this and boom..!! Here is your flag!  It was that simple, believe me, you'll not get simpler CTF than this, it was just to get your hands a bit dirty. Good luck. P.s I have hidden the flag so that one just don't copy/paste the flag but you...
Post a Comment
Read more