Rocket Chat
Last updated
Last updated
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Ikiwa wewe ni admin ndani ya Rocket Chat unaweza kupata RCE.
Nenda kwenye Integrations
na uchague New Integration
na chagua yoyote: Incoming WebHook
au Outgoing WebHook
.
/admin/integrations/incoming
Kulingana na docs, zote zinatumia ES2015 / ECMAScript 6 (kimsingi JavaScript) kuchakata data. Hivyo hebu tupate rev shell kwa javascript kama:
Sanitize WebHook (kanali na chapisho kama jina la mtumiaji lazima kuwepo):
Sanitize skripti ya WebHook:
Hifadhi mabadiliko
Pata URL ya WebHook iliyoundwa:
Itumie curl na unapaswa kupokea rev shell
Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)