CrimeStoppers

hey guys,
I haven’t found any other topic on this machine. Quick question for those who are working on it right now: have you managed to bypass the “Hxxxxx detected” protection? I’ve been playing around with the headers and the POST request but haven’t managed to pop anything valuable so far.
Any nudge is more than welcome! Thanks :)

@Tejmal you did not find any topics on this machine because it was just released yesterday. Spend some time on it before asking for nudges. Everyone is in the same position as you.

Hola guys, if some1 has done it could you pls PM me? I have found some interesting content but am struggling to figure out how to use this info… Thank ya

that box is a real crap

I mean pain

Nothing a good laxative can't fix

@Booj said:
Nothing a good laxative can't fix

loll, yeah, but i see light in the tunnel

@CiccioPas check DM

i’d give this thread a little bump, because i’m a bit stuck. W/o spoilers I can read the files, and I have an idea for the RCE but that “extension” stops me from doing so. Can someone give me a little hint?

Thank you!

You’re on the right track, only thing I’d suggest is you research ALL possible ways to do it.

maxletter, I have gotten to the same point as you, want to share notes and see what we can come up with together?

@Paradoxxs sure, PM me! ;)

@blobbo if i’m guessing it right, and w/o spoilering further. Am I on the right track if I say, this is going to be a LONG file to read? :)

@maxletter said:
@blobbo if i’m guessing it right, and w/o spoilering further. Am I on the right track if I say, this is going to be a LONG file to read? :)

Well, it is one possible way - but there is another which works too.

I can read some source files…
& I can access where some files are placed…
Can anyone here give a relevant reference where we could teach ourselves all the possible ways to “chop the end off”? So as to convert the read to an exec.

Thx

@3mergnc3 I think, we’re in the same place. I’m not sure that “chopping the end off” works any more. Everything I’ve tried failed, and it seems that instead of “chopping”, the inclusion just fails entirely.
I can create files with arbitrary content, but only in that place where they end up dictated by the server, and also with the name dictated by the server.
After that, I have not found any way to include them for my nefarious purposes. I had high hopes for compression, but that failed me as well.
Currently out of ideas, and can’t find any sources on EllEffEye that would show me something else I haven’t tried yet.
I’m actually through my third iteration of trying out each approach. Either I’m consistently trying the winning one in a wrong way, or I’m missing it entirely.

Would love a hint, totally happy with a self-education source that covers the right strategy here.

Got it. I had already tried the right route, but made a mistake. I created my payload with g***, but should have used *** instead, otherwise the server wouldn’t accept it. I should have tried both, but made the wrong assumption that the latter wouldn’t work if the former doesn’t. Mea culpa, as always.

Hi, I have not been able to execute the uploaded payload… any pointers

I am stuck on the payload as well… any tips?

never mind… i am in