This works for python3 but you have to add ( ) brackets to every line that starts with print or cprint. Luckily, there are only 4-5 lines that need this. For example, the script might say: print "blah blah" __ these need to be changed to say: print ("blah blah")
Yeah I fixed all that but I still got errors in the script when it tried to call on previous functions. Gave up in the end and used python2 to run the script. Which still didn't work as it just ends up spitting out 11111111...
I did that but unfortunately it gave me a UnicodeDecodeError: 'utf-8' codec can't decode byte 0xf1 in position 923: invalid continuation byte error. do you know the specific syntax to tackle this error?
love the walkthroughs, but is it possible to see what you do when you go on the breaks... often times, we get stuck too there and we dont actually see what happened... for example, the cve with the whole python2 and python 3 thing. would have loved to see if we could have ran that python3 and what we needed to do... but maybe that cve doesnt work on python3. Thanks again!
Thankyou for the vid! Is this supposed to be the most simple CTF on TryHackMe? There seems to be a lot of prequired knowledge in here before you could get close to tackling it. What would you suggest learning first to be able to do these CTFs? I have a good understanding of the linux fundamentals, know about nmap, but every CTF there seems to be something unknown. Any help much appreciated! Cheers!
Hey Dark, great video!. Just yesterday I did the same room, but I had problems with the installation of the termcolor because, as u know, python2 is no longer maintained. So, I couldn't install that. What I did as a walkthrough was editing the code to change a few things to make it available for python3. and it worked. !! Good luck and keep doing it !!
First I went to IP/simple/admin which directed me to a login page, then I used the forgot password functionality to find that there was a user named mitch, finally I used burpsuite intruder to find the password as secret. I didn't even try the exploit as I had already discovered all this before even needing to look for one. I remembered the text to mitch saying the password was weak so I just thought a simple brute force would be sufficent.
Yeah, I can't even get to download that requests module and even if I try using python3 it just says: Requirement already satisfied: requests in /usr/lib/python3/dist-packages...
i got a "Entering Extended Passive Mode (|||40556|)" when trying to 'ls' after ftp(IP). everything looks the same as his, but it tries to open on port 40556. what am i doing wrong?
Video would be better if you normalized the audio, it's hard to hear clearly at times. Also, could you select the text when you are mentioning something on the code? Thanks!
I had to use the password you brute forced the python script never ran for me. it would go through the steps and then NOT display the output. and I've never seen a priv esc with vim before so that was cool. Thanks for the help
This works for python3 but you have to add ( ) brackets to every line that starts with print or cprint. Luckily, there are only 4-5 lines that need this. For example, the script might say: print "blah blah" __ these need to be changed to say: print ("blah blah")
Yeah I fixed all that but I still got errors in the script when it tried to call on previous functions.
Gave up in the end and used python2 to run the script. Which still didn't work as it just ends up spitting out 11111111...
I did that but unfortunately it gave me a UnicodeDecodeError: 'utf-8' codec can't decode byte 0xf1 in position 923: invalid continuation byte error. do you know the specific syntax to tackle this error?
Bro, you saved me. Thank you
Thanks for the tip, I was stuck at that part until I saw your comment.
Excellent video DarkSec! Thank you very much because it helped me to tackle this task with confidence and whole-understanding.
How did you guess immediately that you'll need to use an sqli vulnerability?
I think the same
love the walkthroughs, but is it possible to see what you do when you go on the breaks... often times, we get stuck too there and we dont actually see what happened... for example, the cve with the whole python2 and python 3 thing. would have loved to see if we could have ran that python3 and what we needed to do... but maybe that cve doesnt work on python3. Thanks again!
Your challenge helps me to learn lots of new things. Thank you so much.
Thankyou for the vid! Is this supposed to be the most simple CTF on TryHackMe? There seems to be a lot of prequired knowledge in here before you could get close to tackling it. What would you suggest learning first to be able to do these CTFs? I have a good understanding of the linux fundamentals, know about nmap, but every CTF there seems to be something unknown.
Any help much appreciated! Cheers!
Same here bro! How is your journey going now?
@ not toooo bad but haven’t found the answer yet. I’ve been using picoCTF which has been good for more simple ones, I recommend that. How about you?
@@quinkydinkend I am currently doing the Junior Pentester in thm. I get bored with the information, but I try to push through it.
Hey Dark, great video!. Just yesterday I did the same room, but I had problems with the installation of the termcolor because, as u know, python2 is no longer maintained. So, I couldn't install that.
What I did as a walkthrough was editing the code to change a few things to make it available for python3. and it worked. !!
Good luck and keep doing it !!
Thanks so much!!! :D
Wow can you give ur modified code
I was strucked with term color
@@RX_100.0 same i also stuck in termcolor
Good by me, as long as people are helped (and there's no blatant advertising) I'm happy :)
@@thecyberkratos7056 I can't see the post I wrote with the link, but is the following guys!
shorturl .at/fouzZ
i cant run ls command it enters passive mode and even if i disable it, it just says no connection
Great video! It's very informative. It requires a lot of knowdlege about tools which and how to use. Thanks for showing the way.
you made me question my brain existence
same here
me tooooo
я в ахуе
Lol it's the same person commenting each time 😂
thanks! was very helpful. Greetings from Argentina!
if somebody get stuck on python2 version issue, just open the exploit file and replace all print statements with print(), and all good.
how did u know that data that u got from exploit CMS was tha same data to enter on SSH, because CMS data was a data to enter on interface web
I have wifi connexion in my pc but the vm in tryhackme won't work , any solution please
First I went to IP/simple/admin which directed me to a login page, then I used the forgot password functionality to find that there was a user named mitch, finally I used burpsuite intruder to find the password as secret. I didn't even try the exploit as I had already discovered all this before even needing to look for one. I remembered the text to mitch saying the password was weak so I just thought a simple brute force would be sufficent.
also brute force of ssh port would give a password
Dark keep it up 💪
i am unable to scan the ip using nmap
can someone help me? i am trying to scan it from my parrot virtualmachine
I tried using the python2 exploit file but it wasn't working 😭 someone should send help
Where’d you get ip from still so confused
600th view!
And thank you for making this video
This exploit is not working on my machine every time i run script it give me some random Salt for password username and email and password.
me too, did you solve it?
I found it easier to update the python script to python3. It ran fine in Kali.
Great Content love learning this !
Appearently the exploit doesn't work anymore, it just spits out "111111111111111111....." for the username until you stop it :/
Yeah, I can't even get to download that requests module and even if I try using python3 it just says: Requirement already satisfied: requests in /usr/lib/python3/dist-packages...
@@filipbrom3322 use a virtual environment
apparently in my case it gives a terrible UnicodeDecodeError :/
ive tried installin python2 -m pip install termcolor and didnt workit... it is in python3 but python3 doesnt work with this cve
use 2to3 , it will convert the script to python3
@@xqcupdate ty bro it worked, this python2 is so garbage
modified the cve and every print or cprint close with () run it with python3 e.i. print ("work") or cprint ("work")
it gave me a UnicodeDecodeError: 'utf-8' codec can't decode byte 0xf1 in position 923: invalid continuation byte! , can anyone help me with it?
good stuff dark!!
nice video however i wasn't able to run the exploit with python2 so I converted the code to python3 by adding () to the prints
i got a "Entering Extended Passive Mode (|||40556|)" when trying to 'ls' after ftp(IP). everything looks the same as his, but it tries to open on port 40556. what am i doing wrong?
What u can do is
Type passive after loging in as anonymous
Then dir
Followed by ls
U might also wanna type binary to execute it
@@srishtichoudhury8575 just type "passive" in ftp terminal
Thanks man 🖤👏
thank you sir
Video would be better if you normalized the audio, it's hard to hear clearly at times. Also, could you select the text when you are mentioning something on the code? Thanks!
Dark 😁 remember me? 😅
I had to use the password you brute forced the python script never ran for me. it would go through the steps and then NOT display the output. and I've never seen a priv esc with vim before so that was cool. Thanks for the help
the exploit dont show username, password and email