Rocket Chat
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking:
HackTricks Training GCP Red Team Expert (GRTE)
RCE
Ikiwa wewe ni admin ndani ya Rocket Chat unaweza kupata RCE.
Nenda kwenye
Integrations
na uchagueNew Integration
na chagua yoyote:Incoming WebHook
auOutgoing WebHook
./admin/integrations/incoming
![](https://book.hacktricks.xyz/~gitbook/image?url=https%3A%2F%2F3018635170-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FCtGnfY5n0YCGcWtBkgwe%252Fuploads%252Fgit-blob-fce3191e91d7c184b2b75e07d47be5ec4f98bff3%252Fimage%2520%28266%29.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=1e2623ed&sv=1)
Kulingana na docs, zote zinatumia ES2015 / ECMAScript 6 (kimsingi JavaScript) kuchakata data. Hivyo hebu tupate rev shell kwa javascript kama:
Sanidi WebHook (kanali na chapisho kama jina la mtumiaji lazima kuwepo):
![](https://book.hacktricks.xyz/~gitbook/image?url=https%3A%2F%2F3018635170-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FCtGnfY5n0YCGcWtBkgwe%252Fuploads%252Fgit-blob-bbff6c5f4ab0ed17241ca5540c530e4ec4cd7d49%252Fimage%2520%28905%29.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=2673045e&sv=1)
Sanidi skripti ya WebHook:
![](https://book.hacktricks.xyz/~gitbook/image?url=https%3A%2F%2F3018635170-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FCtGnfY5n0YCGcWtBkgwe%252Fuploads%252Fgit-blob-163b502deb9aecff582ab6f262e8153e3bff5404%252Fimage%2520%28572%29.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=a10d2b25&sv=1)
Hifadhi mabadiliko
Pata URL ya WebHook iliyoundwa:
![](https://book.hacktricks.xyz/~gitbook/image?url=https%3A%2F%2F3018635170-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FCtGnfY5n0YCGcWtBkgwe%252Fuploads%252Fgit-blob-eb57ea914240b4f2d2c6c1137712561d6c4b6a90%252Fimage%2520%28937%29.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=fc028779&sv=1)
Itumie curl na unapaswa kupokea rev shell
Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking:
HackTricks Training GCP Red Team Expert (GRTE)
Last updated